<h1 id="key-vault">Key Vault<a aria-hidden="true" class="anchor-heading icon-link" href="#key-vault"></a></h1>
<p><a href="https://docs.microsoft.com/azure/key-vault/">Azure Key Vault</a> is a secrets storage solution designed to contain keys and certificates for secure authentication in public cloud infrastructure. It exposes an <abbr title="Application Programming Interface">API</abbr> that allows us to request different types of credentials based on an access policy. Premium SKUs secure tokens in a dedicated <abbr title="Hardware Security Module">HSM</abbr>, which is often a contractual obligation.</p>
<h1 id="access-policies">Access policies<a aria-hidden="true" class="anchor-heading icon-link" href="#access-policies"></a></h1>
<p>Access policies allow you to lock down the operations different principals (users, groups and system identities) can perform on different objects within the vault.</p>
<h1 id="certificates">Certificates<a aria-hidden="true" class="anchor-heading icon-link" href="#certificates"></a></h1>
<p>Many Azure services (e.g. <a href="/notes/f4e23836-db17-4c8c-8302-1d66cec79189">application gateways</a> for <abbr title="Secure Sockets Layer">SSL</abbr> certificates) support fetching certificates from a vault.</p>
<h1 id="keys">Keys<a aria-hidden="true" class="anchor-heading icon-link" href="#keys"></a></h1>
<p>Keys are used to encrypt and decrypt content. You can use a key (which makes it a <abbr title="Key Encryption Key">KEK</abbr>) to "wrap" another key to guard against <abbr title="Man In The Middle">MITM</abbr> attacks while the key is in transit.</p>
<h1 id="secrets">Secrets<a aria-hidden="true" class="anchor-heading icon-link" href="#secrets"></a></h1>
<p>Secrets are unstructured bits of text that might be used a passphrase or password for a resource.</p>
<hr>
<strong>Backlinks</strong>
<ul>
<li><a href="/notes/19fe69f1-629b-4c77-bca6-78bad3b71406">AKS (public)</a></li>
<li><a href="/notes/f4e23836-db17-4c8c-8302-1d66cec79189">Application Gateway (public)</a></li>
<li><a href="/notes/a27db023-22c8-4d4b-a60c-53f4396345ff">CDN (public)</a></li>
<li><a href="/notes/3eee5a4e-a6fa-4a08-9c19-994286624411">Disk Encryption (public)</a></li>
</ul>

Key Vault


![Digital brain](assets/images/logo.svg){display: block, margin: 0 auto, max-height: 50vh}

Hi, I'm Luke 👋

I'm a software engineer turned site reliability engineer. I'm currently big on knowledge management and learning.

# Find me elsewhere

- [👨‍💻 DEV](https://dev.to/lukecarrier)
- [🚢 GitHub](https://github.com/LukeCarrier)
- [👔 LinkedIn](https://www.linkedin.com/in/lukecarrier/)
- [📄 Résumé](https://github.com/LukeCarrier/resume)
