What are the different ways to authenticate to Azure Key Vault?

Saurabh Sharma 17,291 Reputation points Microsoft Employee
2020-05-06T20:45:43.373+00:00

What are the different ways to authenticate to Azure Key Vault?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question]

Source: What are managed identities for Azure resources?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
660 questions
No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 20,516 Reputation points Microsoft Employee
    2020-05-06T21:38:29.427+00:00

    There are three ways to authenticate to Azure Key Vault:

    1. Managed Identities

    Managed Identities are assigned to Azure resources which needs access to Azure Key Vault. This is the recommended approach as Azure automatically rotates the identity and app/service doesn’t have to manage the secret.

    Refer to What are managed identities for Azure resources? to know more about managed identities.

    2. Service Principal and Secret
    You can use a Service Principal and a secret to access a key vault. However, not recommended as it is hard to automatically rotate the secret used to authenticate to Key Vault.

    3. Service Principal and Certificate
    You can use a Service Principal and associated certificates to access key vault. The application owner/developer is required to rotate the certificates.

    Source: What are managed identities for Azure resources?

    No comments

0 additional answers

Sort by: Most helpful