Azure Key Vault

Last updated on March 9, 2023

Azure Key Vault Cheat Sheet

  • A service that allows you to store tokens, passwords, certificates, and other secrets.
  • You can also create and manage the keys used to encrypt your data.

Features

  • Soft delete allows a deleted key vault and its objects to be retrieved during the retention time you designate.
  • The retention period of a deleted vault is between 7 and 90 days.
  • With soft delete and purge protection enabled, a vault or object in the deleted state cannot be purged until the retention period has expired.
  • You may connect to a key vault via:
    • A public endpoint in all networks
    • A public endpoint in selected networks
    • A private endpoint
  • Share access to your applications and resources without revealing your credentials.

Concepts

  • A tenant is a representation of an organization.
    • Azure Active Directory allows you to publish multi-tenant applications.
    • An Azure Active Directory B2C tenant represents a collection of identities.
  • A vault owner can create a key vault and set up auditing to log who accesses secrets and keys.
  • A vault consumer can only perform actions on the assets inside the key vault if the vault owner grants the consumer access.
  • A manageable item in Azure is called a resource, and resource groups are containers that hold related resources.
  • A service principal gives you control over which resources can be accessed. A managed identity eliminates the need for you to create and manage service principals directly, since it provides Azure services with an automatically managed identity in Azure AD.
  • You can identify an Azure AD instance within your Azure subscription using a tenant ID.
  • An access policy grants the service principal (user group or application) permissions to perform various operations on Azure Key Vault keys, secrets, and certificates.
    • You can also configure the access policy from a template.
    • With access policy, you can enable access to:
      • Azure Virtual Machines for deployment – this will permit the VMs to retrieve certificates stored as secrets from the key vault.
      • Azure Resource Manager for template deployment – if this option is enabled, Azure Resource Manager is permitted to retrieve secrets from the key vault.
      • Azure Disk Encryption for volume encryption – grants permission to retrieve secrets from the key vault and unwrap keys.
    • You can choose between two permission models: vault access policy or Azure RBAC.
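
The settings listed under Features and Concepts can be reviewed together from a vault's resource document. The following is an added example, not part of the original cheat sheet: it reads a constructed sample shaped like `az keyvault show` output and reports the connection option, the permission model, and the settings worth a second look. The function name `review_vault` and the mapping of vault properties onto the three connection options are this example's assumptions.

```python
import json

# Constructed sample shaped like `az keyvault show` output; all values are made up.
SAMPLE_VAULT = json.loads("""
{
  "name": "example-vault",
  "properties": {
    "softDeleteRetentionInDays": 7,
    "enablePurgeProtection": null,
    "enableRbacAuthorization": false,
    "enabledForDeployment": true,
    "enabledForTemplateDeployment": false,
    "enabledForDiskEncryption": false,
    "publicNetworkAccess": "Enabled",
    "networkAcls": {"defaultAction": "Allow"}
  }
}
""")

# Access-policy switches from the Concepts list and the service each one admits.
ENABLED_FOR = {
    "enabledForDeployment": "Azure Virtual Machines",
    "enabledForTemplateDeployment": "Azure Resource Manager",
    "enabledForDiskEncryption": "Azure Disk Encryption",
}

def review_vault(vault):
    """Summarise one vault document and list the settings worth a second look."""
    p = vault.get("properties") or {}
    notes = []
    days = p.get("softDeleteRetentionInDays")
    if days is not None and not 7 <= days <= 90:
        notes.append(f"retention of {days} days is outside the 7 to 90 day range")
    if not p.get("enablePurgeProtection"):
        notes.append("purge protection is off: deleted objects can be purged early")
    # Map the network settings onto the three connection options (assumed mapping).
    acls = p.get("networkAcls") or {}
    if p.get("publicNetworkAccess") == "Disabled":
        network = "private endpoint"
    elif acls.get("defaultAction") == "Deny":
        network = "public endpoint, selected networks"
    else:
        network = "public endpoint, all networks"
        notes.append("vault is reachable from all networks")
    model = "Azure RBAC" if p.get("enableRbacAuthorization") else "vault access policy"
    for flag, service in ENABLED_FOR.items():
        if p.get(flag):
            notes.append(f"{flag}: {service} can retrieve secrets")
    return {"network": network, "permission_model": model, "notes": notes}
```

To review a real vault, pass the parsed JSON from `az keyvault show --name <vault-name>` to `review_vault` in place of the sample.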

Azure Key Vault Pricing

  • You are charged if the key has been used at least once in the last 30 days (based on the key’s creation date).
  • You are charged for each historical version of a key.

Want to learn more about Azure? Watch the official Microsoft Azure YouTube channel’s video series called Azure Tips and Tricks.



Written by: Jon Bonso
