Getting started with Key vault

Implement Azure Security for Developers

Anushika Agarwal

Cloud Data Engineer

Risk of hardcoding secrets

• Secrets in code are:
  1. Hard to rotate
  2. difficult to track

The fix: Azure Key vault

• One secure place for sensitive items
• Fully managed and protected by Azure

Why use Key vault?

• Managed by Azure
• Scales with your apps
• CI/CD integration

What does Key vault Store?

1. Secrets
2. Certificates
3. Keys

Secrets

• Store: API keys, Passwords, connection strings

• Avoid hardcoding sensitive data

• Encrypted, versioned, and access-controlled

• Easy to rotate and manage securely

Example: secrets in PeopleSphere

• Payroll database password stored in Key Vault

• Safer than hardcoding in the app

Certificates

• Digital ID for your app

• Prove app identity to users and services

• Automatic renewal and lifecycle management

Example: certificates in PeopleSphere

• HR portal certificates stored in Key Vault

• Trusted connections with payroll processors

Keys

Keys = Cryptographic tools

• Encrypt and decrypt sensitive data

• Sign and verify tokens and documents

• Rotated regularly

Example: keys in PeopleSphere

• Protects employee record encryption keys

Key Vault tiers and storage options

• Two choices based on security needs:
  1. Standard Key Vault
  2. Managed HSM Pools

Standard Key vault

• Multi tenant, software managed service

• Supports:
  • Secrets
  • Software protected keys
  • Hardware protected keys
    • ( (HSM-backed, FIPS 140-2 Level 2))

• Ideal:
  • most business scenarios
  • Examples: web apps, APIs, and cloud configurations

• Pricing: Per-operation billing

Managed HSM pools

• Dedicated, single-tenant hardware

• Supports:
  • Hardware protected keys
    • (FIPS 140-2 Level 3)

• Ideal: high security and compliance heavy workloads

• Pricing: Fixed hourly cost + usage fees

Let's practice!

Implement Azure Security for Developers