Azure Key Vault

  • Author: Ronald Fung

  • Creation Date: 1 June 2023

  • Next Modified Date: 1 June 2024


A. Introduction

Azure Key Vault is one of several key management solutions in Azure, and helps solve the following problems:

  • Secrets Management - Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets

  • Key Management - Azure Key Vault can be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.

  • Certificate Management - Azure Key Vault lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources. Azure Key Vault has two service tiers: Standard, which encrypts with a software key, and a Premium tier, which includes hardware security module(HSM)-protected keys. To see a comparison between the Standard and Premium tiers, see the Azure Key Vault pricing page.


B. How is it used at Seagen

As a biopharma research company using Microsoft Azure, you can use Azure Key Vault to store and manage cryptographic keys, secrets, and certificates used to secure your applications and services. Here are some ways you can use Azure Key Vault:

  1. Securely store and manage keys and secrets: Azure Key Vault can securely store and manage cryptographic keys, secrets, and certificates used to secure your applications and services, ensuring that they are protected from unauthorized access.

  2. Securely access keys and secrets: Azure Key Vault provides a secure way to access keys and secrets, allowing your applications and services to securely retrieve and use cryptographic keys and secrets as needed.

  3. Simplify key and secret management: Azure Key Vault simplifies key and secret management by providing a centralized repository for storing and managing keys and secrets, reducing the complexity of managing multiple keys and secrets across different applications and services.

  4. Audit key and secret usage: Azure Key Vault provides auditing capabilities, allowing you to track key and secret usage and identify any potential security issues.

  5. Integrate with other Azure services: Azure Key Vault can integrate with other Azure services, such as Azure Active Directory and Azure Virtual Machines, to provide a more comprehensive and secure solution for managing keys and secrets.

  6. Compliance and regulatory requirements: Azure Key Vault is designed to meet compliance and regulatory requirements, such as HIPAA, PCI DSS, and SOC 2, ensuring that your cryptographic keys and secrets are properly secured and protected.

Overall, Azure Key Vault provides a powerful and flexible tool for securely storing and managing cryptographic keys, secrets, and certificates used to secure your applications and services. By leveraging the scalability, security, and performance of the service, you can ensure that your cryptographic keys and secrets are properly secured and protected, and that you are benefiting from the compliance and regulatory capabilities it provides.


C. Features

Azure Key Vault is a cloud-based service that allows you to securely store and manage cryptographic keys, secrets, and certificates used to secure your applications and services. Here are some of the key features of Azure Key Vault:

  1. Secure storage of keys and secrets: Azure Key Vault provides a secure way to store and manage cryptographic keys, secrets, and certificates, ensuring that they are protected from unauthorized access.

  2. Role-based access control: Azure Key Vault provides role-based access control, allowing you to control who has access to your keys and secrets and what they can do with them.

  3. Integration with Azure Active Directory: Azure Key Vault can integrate with Azure Active Directory, providing a secure way to authenticate and authorize users and applications accessing your keys and secrets.

  4. Auditing and logging: Azure Key Vault provides auditing and logging capabilities, allowing you to track key and secret usage and identify any potential security issues.

  5. Versioning: Azure Key Vault supports versioning of keys and secrets, allowing you to keep track of changes and revert to previous versions if needed.

  6. Key and secret rotation: Azure Key Vault supports key and secret rotation, allowing you to rotate keys and secrets on a regular basis to improve security.

  7. Compliance and regulatory support: Azure Key Vault is designed to meet compliance and regulatory requirements, such as HIPAA, PCI DSS, and SOC 2, ensuring that your cryptographic keys and secrets are properly secured and protected.

  8. High availability and scalability: Azure Key Vault provides high availability and scalability, allowing you to scale the service as needed to meet the demands of your applications and services.

Overall, Azure Key Vault provides a powerful and flexible tool for securely storing and managing cryptographic keys, secrets, and certificates used to secure your applications and services. By leveraging the scalability, security, and performance of the service, you can ensure that your cryptographic keys and secrets are properly secured and protected, and that you are benefiting from the compliance and regulatory capabilities it provides.


D. Where Implemented

LeanIX


E. How it is tested

Testing Azure Key Vault involves verifying that the cryptographic keys, secrets, and certificates stored in the vault are properly secured and protected from unauthorized access. Here are some steps you can take to test Azure Key Vault:

  1. Verify configuration: Verify that Azure Key Vault is properly configured and integrated with your Azure account and resources.

  2. Test access control: Test Azure Key Vault by verifying that role-based access control is properly implemented and that only authorized users and applications can access your keys and secrets.

  3. Test key and secret management: Test Azure Key Vault by verifying that you can securely store and manage cryptographic keys, secrets, and certificates, and that versioning and rotation are working as expected.

  4. Test auditing and logging: Test Azure Key Vault by verifying that auditing and logging capabilities are properly implemented and that you can track key and secret usage and identify any potential security issues.

  5. Test integration with other Azure services: Test Azure Key Vault by verifying that it can integrate with other Azure services, such as Azure Active Directory and Azure Virtual Machines, to provide a more comprehensive and secure solution for managing keys and secrets.

  6. Test compliance and regulatory requirements: Test Azure Key Vault by verifying that it meets compliance and regulatory requirements, such as HIPAA, PCI DSS, and SOC 2, ensuring that your cryptographic keys and secrets are properly secured and protected.

  7. Test performance and scalability: Test Azure Key Vault by verifying that it provides high availability and scalability, allowing you to scale the service as needed to meet the demands of your applications and services.

Overall, testing Azure Key Vault involves verifying that your cryptographic keys, secrets, and certificates are properly secured and protected from unauthorized access. By testing Azure Key Vault, you can ensure that you are effectively using the service to securely store and manage your cryptographic keys and secrets, and that you are benefiting from the scalability, security, and compliance capabilities it provides.


F. 2023 Roadmap

????


G. 2024 Roadmap

????


H. Known Issues

Like any software or service, there may be known issues or limitations with Azure Key Vault that users should be aware of. Here are some of the known issues with Azure Key Vault:

  1. Limited customization: Azure Key Vault has limited customization options, which can limit the ability of users to configure the service to their specific needs.

  2. Limited support for certain key types: Azure Key Vault may not support all key types, which can limit the ability of users to perform certain types of cryptographic operations.

  3. Limited support for certain regions: Azure Key Vault may not be available in all regions, which can limit the ability of users to use the service in certain geographic locations.

  4. Cost: Azure Key Vault can be expensive for users with limited budgets, particularly if they need to store and manage large volumes of cryptographic keys and secrets.

  5. Security and compliance concerns: Users must ensure that they are properly securing and protecting cryptographic keys and secrets when using Azure Key Vault, particularly when storing and managing sensitive data or data subject to regulatory compliance requirements.

Overall, while Azure Key Vault offers a powerful and flexible tool for securely storing and managing cryptographic keys, secrets, and certificates, users must be aware of these known issues and take steps to mitigate their impact. This may include carefully configuring the service to meet the specific needs of their data, carefully monitoring the performance and cost of the service to ensure that it is a good fit for their data requirements, and carefully integrating the service into their existing workflows to ensure that it is effectively utilized. By taking these steps, users can ensure that they are effectively using Azure Key Vault to securely store and manage their cryptographic keys and secrets, and that they are benefiting from the scalability, security, and compliance capabilities it provides.


[x] Reviewed by Enterprise Architecture

[x] Reviewed by Application Development

[x] Reviewed by Data Architecture