Azure KeyVault with Key Rotation

1
votes

Our application doesn't use keyvault until now. We are thinking of using Azure KeyVault to enforce security for keys, secrets and certificates. I read microsoft documentation on this Link. It's not clear that Azure KeyVault works with identity providers other than Azure AD. Because we are not using Azure AD but we are using Azure app service and storage account. we also want to implement key rotation with 1 hour expiry.

My questions are

  1. Should the web app be registered with Azure AD to use KeyVault ?

  2. While creating an azure keyvault i didn't see any option about key rotation. Am i looking in the wrong place?

  3. Any sample code would be helpful.

1
azureazure-storageazure-active-directoryazure-keyvaulthsm

1 Answers

2
votes

When you create a key vault in an Azure subscription, it is automatically associated with the subscription's Azure Active Directory tenant. All callers (users and applications) must be registered in this tenant to access this key vault. That means to access the keys and secrets stored inside the key vault, the requesting applications have to be added in Azure active directory and it also needs to have permissions to read keys and secrets in azure key vault.

Related tutorials below are for your reference :