As the adoption of cloud technologies increases day by day, companies are enhancing their web applications by using the varied services provided by different cloud providers. Security is an important step while developing any application. In this article, I am going to provide the details of one such Azure service that helps safely store your application configuration secrets – Azure Key Vault. I’ll go through what Azure Key Vault is and how you can use it to store application secrets securely.
While developing applications, you might have seen scenarios where you need to provide connection strings to resources such as databases or cache. As a developer, you might be quite aware that these values are being put into the configuration files (i.e., web.config) of the application. These values are further used by the application to establish connections and communicate with the resources. This may be seen as one of the security issues as the connection strings might be accidentally visible to unauthorized individuals. This is one of the security threats for the Production database information. Azure Key Vault can come to the rescue here so that the crucial information is saved on the Azure cloud with more secured role-based authorization and access control policies. The next section explains the Azure Key Vault in more detail.
As the name suggests, Azure Key Vault is used to store and manage keys securely. Key Vault can be used to store the cryptographic secrets and keys such as authentication keys, storage account keys, data encryption keys, passwords and certificates.
Azure Key Vault enables developers to create the keys for development and testing in minutes, and they can further migrate this setup seamlessly onto the production environment.
The centralized key store/vault can be securely managed by the Key Vault owner who manages permissions to this key store and would be responsible for keeping the secrets secure.
Keys: These are the cryptographic keys which are most often used by other Azure services. For example, say you want to write data to Azure Storage, and you want to encrypt it. Such highly sensitive encryption codes can be stored as the keys.
Secrets: These include sensitive information that application might need during the run time such as SQL database connection strings and other connections string such as Azure Storage, Redis Cache, etc. that the application is using.
Certificates: The certificates that are used for HTTP/SSL communication is a good example. These certificates consist of private and public keys, and such values should be stored securely.
Take a look at how you can store application secrets in Azure Key Vault and use them to build applications.
The application demonstrated here is a simple console application that fetches an image from Azure blob storage and downloads it to the local folder specified in the application. Since the app must grab the image from the Azure storage blob, it must establish a secure connection. Typically, this connection string is stored in the config file of the application; however, this example makes use of Azure Key Vault to store this connection string value. The essential components needed for this application are
#.net development #homepage #security and compliance #sql data catalog #security