Azure Key Vault is a tool for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. A vault is a logical group of secrets.
This sample implements an Azure Function App that uses Azure Key Vault to sign the OAuth2 client assertions used to obtain JWT tokens from Azure AD. The private key that signs the client assertion, and thus authenticates the function to Azure AD, is generated in Key Vault and never leaves that service (it is not exportable).
Many systems still rely on certificate authentication. Those certificates need to be rotated and often managed from a central location. In this post, I will explain how to centralize your VM certificate deployment across multiple Azure Regions with ARM Templates and Key Vault.
This post is written collaboratively by Premier Developer Consultants Ilias Jennane and Daisy Chaussee along with App Dev Manager Wyn Lewis-Bevan. Read on to learn how to build a solution in TFS, release it in VSTS, and automate the deployments to separate Azure Resource Groups.
In his latest blog post, Premier Developer consultant Najib Zarrari discusses one approach to protecting sensitive information in your application by using VSTS and Azure Key Vault.
If you are building a modern application and are following modern design principles, there is a good chance your application is composed of a number of layers and services.