Microsoft Azure provides a way to manage cryptographic keys and application secrets without exposing them to applications.
Let’s say that you have a web application, and you access this application via a key that is either stored in the web config or hardcoded.
With Azure Key Vault, imagine that you have a key stored somewhere safe where nobody has access, except for the person who created this Azure Key Vault and generated the key.
Create an Azure Key Vault
Let’s create a Key Vault from scratch.
First, search for the Azure service “Key Vault”, and click Create.
Create Key Vault
In the Create key vault blade, fill in all the necessary fields and click Create.
Create New Key
In the main blade, under the SETTINGS tab, you can see a few items.
You can choose one of three actions here: Generate Key, Upload an existing Key, or Restore a key from backup.
For the demo, generate a new key as the following image shows.
RSA Type: More details here. EC Type: More details here.
Key Settings
In the picture below you can see the key settings that you can modify according to your application's needs.
Create New Secret
You can create a secret in two ways:
Manual: create a new secret, which can be used in your apps
Certificate: upload an existing certificate
Secret Settings
In the image below you can see the key vault secret settings that you can change.
Create New Certificate
You can create an SSL certificate very easily: type a Certificate Name, select the type of CA, and type a Subject.
Certificate Settings
In the image below you can find all the available settings for your key vault certificate and customize them as needed.
Key Vault Limitations
In the table below you can find the Azure key vault service limitations.
Key type | HSM-key CREATE Key | HSM-key All other transactions | Software-key CREATE Key | Software-key All other transactions |
---|---|---|---|---|
RSA 2048-bit | 5 | 1000 | 10 | 2000 |
RSA 3072-bit | 5 | 250 | 10 | 500 |
RSA 4096-bit | 5 | 125 | 10 | 250 |
ECC P-256 | 5 | 1000 | 10 | 2000 |
ECC P-384 | 5 | 1000 | 10 | 2000 |
ECC P-521 | 5 | 1000 | 10 | 2000 |
ECC SECP256K1 | 5 | 1000 | 10 | 2000 |

Transactions Type | Max transactions allowed in 10 seconds, per vault per region |
---|---|
All transactions | 2000 |
More details about Key Vault limitations here.
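The per-key-type limits in the table above can be enforced on the client so that a burst of key operations is paced before the service starts rejecting requests. The sketch below is an added example, not code from the original article or from any Azure SDK; the `VaultThrottle` class, the `"hsm"`/`"software"` labels, and the choice to count CREATE calls separately from all other transactions are assumptions made for illustration.

```python
import time
from collections import deque

# Limits copied from the table above: max transactions in 10 seconds,
# per vault per region, stored as (CREATE key, all other transactions).
WINDOW_SECONDS = 10
LIMITS = {
    ("hsm", "RSA 2048-bit"): (5, 1000),
    ("hsm", "RSA 3072-bit"): (5, 250),
    ("hsm", "RSA 4096-bit"): (5, 125),
    ("software", "RSA 2048-bit"): (10, 2000),
    ("software", "RSA 3072-bit"): (10, 500),
    ("software", "RSA 4096-bit"): (10, 250),
}
# Every ECC row in the table has the same limits.
for curve in ("P-256", "P-384", "P-521", "SECP256K1"):
    LIMITS[("hsm", "ECC " + curve)] = (5, 1000)
    LIMITS[("software", "ECC " + curve)] = (10, 2000)


class VaultThrottle:
    """Sliding-window budget for one vault and one key type (hypothetical helper)."""

    def __init__(self, protection, key_type, clock=time.monotonic):
        self.create_limit, self.other_limit = LIMITS[(protection, key_type)]
        self.clock = clock
        # Assumption: CREATE and "all other" calls use separate budgets.
        self.sent = {"create": deque(), "other": deque()}

    def delay(self, operation="other"):
        """Return 0.0 and record the call if it may go out now,
        otherwise return how many seconds to wait before retrying."""
        kind = "create" if operation == "create" else "other"
        limit = self.create_limit if kind == "create" else self.other_limit
        now = self.clock()
        window = self.sent[kind]
        # Drop timestamps that have left the 10-second window.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) < limit:
            window.append(now)
            return 0.0
        # Budget spent: the oldest call must age out first.
        return WINDOW_SECONDS - (now - window[0])
```

Call `delay()` before each Key Vault request and sleep for the returned number of seconds when it is non-zero; the `clock` parameter exists so the behaviour can be checked with a fake clock.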
Pricing Details
Find key vault pricing details on this link.