Azure Key Vault (AKV) is a cloud-based security service that provides secure storage, management, and deployment of sensitive data, such as:
- Encryption and Cryptographic keys
- Certificates (SSL/TLS, Azure, etc.)
- Secrets (passwords, credentials, etc.)
AKV offers:
- Secure storage in a Hardware Security Module (HSM)
- Centralised management and organisation
- Access control and authentication
- Encryption and decryption services
- Key rotation and revocation
- Auditing and logging
- Integration with Azure services and applications
In this tutorial, I will be demonstrating how to access Azure Key Vault and utilising one of its capabilities to add a secret to the vault.
PREREQUISITE
- Working computer
- Internet connection
- Microsoft Azure account + active subscription
PROCEDURE
LOCATE THE AZURE KEY VAULT SERVICE
Open the Azure portal and type “Key Vault” in the search bar at the top. Click on “Key vaults” under services as seen in the image below.
CREATE AN AZURE KEY VAULT
On the Key Vault service webpage that loads, click on the “Create” or “Create key vault” button as you deem fit.
You will be directed to the “Basics” page.
The first part of the “Basics” page is the “Project details” section where you are asked to select the subscription and resource group under which you want to create the key Vault.
PS: In case you want a new resource group, creating a resource group just requires you to provide a name in the input box provided after clicking on “Create new” beneath the “Resource group” input box.
The next section is “Instance details” where you can input a Key Vault name of choice, select a region and pricing tier as required.
Afterwards, click on the “Review + create” button.
A page as shown should appear showing the specifications selected and the details of the key vault.
Click on the “Create” button.
There will be a pop-up at the top right showing the status of the deployment.
You will be directed to a key vault deployment page which goes through several phases that you might need to be patient for.
When deployment has been completed, click on “Go to resource”.
The key vault resource page loads.
ADD ROLE ASSIGNMENTS
On the resource page, click on “Access control (IAM)” on the side menu.
On the page that loads, click on “Add” then, “Add role assignment”
The “Role” page loads. Click on a suitable role (in this case, Key Vault Administrator) and then, click on the “Next” button.
On “Members” page, click on “Select members”.
On the pop-up window, select member by clicking on the user and then the “Select” button.
Click on “Review + assign” button.
There will be a pop-up at the top right showing the progress.
CREATE SECRET
Once it is added, navigate to the menu and click on “Objects”, then “Secrets”.
On the “Secrets” page, click on “Generate/Import”.
On the page that loads, input secret name and value (password), set activation and expiry dates. Click on “Create”.
You should have a newly created secret in your azure key vault right about now.
Source link
lol