Azure Key Vault is a tool for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. A vault is logical group of secrets.
Advantages of Azure Key Vault :
– Secrets Management – in a secure manner, one can store and control access to tokens, passwords, certificates, API keys, and other secrets.
– Key Management – As a key management solution, Azure Key Vault simplifies the process of creating and managing encryption keys.
– Certificate Management – It serves as a service to provision, manages, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. These can be used with Azure and other internal connected resources.
– Hardware Security Modules – Secrets and keys can be protected by software, or FIPS 140-2 Level 2 validated HSMs.
User can secure the connections strings, keys or passwords in the Azure Key Vault and use them in the web application where applicable.
It is a recommended practice to have separate instances of Key Vaults for different applications. This makes managing a Key Vault much simpler than storing secrets from multiple applications in a single vault.
It is also important to manage access policies for the various items in the vault. Accounts should be configured to have access solely to those items they need — and nothing else. Permissions are set via access policies which provide fine-grained control of permissions to items in the vault.