Benefits of using Azure Key Vault

Rameez Ali 61 Reputation points
2022-02-28T03:52:16.787+00:00

I would like to understand the benefits of using a key vault from the security perspective. It is clear to me that it offers easy way of rotating secrets/keys, audit logs to keep track of who is accessing secrets and age protection.

If I develop a web application and want to protect my connection string, I can create a key pair in Key Vault and store it there. To access the connection string, I register an application in AAD, and use the client ID/Secret/URI to authenticate to AAD and access the Key Vault to obtain my connection string. However, this now means I have a client ID/Secret/URI to protect. The client ID and secret needs to be hard-coded into the application code in order to fetch the connection string from the Key Vault.

How is this better?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,145 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vaibhav Chaudhari 38,651 Reputation points
    2022-02-28T04:23:21.16+00:00

    The secret value should not be hardcoded in the code. Instead Key vault has to be used and that's the idea behind using key vault.

    Please see how web apps can access secret value from the key vault here:

    https://learn.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app
    https://www.loginradius.com/blog/async/guest-post/using-azure-key-vault-with-an-azure-web-app-in-c-sharp/

    ----------

    Please don't forget to Accept Answer and Up-vote if the response helped -- Vaibhav

    1 person found this answer helpful.