azure-keyvault

问题 Usually when you use key vault to encrypt and decrypt data you have to keep your AD registered app's (that has the authorization to access key vault) ClientID and ClientSecret in plain text somewhere. This seems like a security problem if someone steals the the ClientID and Secret anyone can claim they are the registered app. Is there or can there be a more secure approach? 回答1: You can use a certificate to authenticate instead of a secret. There are three things you need to do for this

问题 Usually when you use key vault to encrypt and decrypt data you have to keep your AD registered app's (that has the authorization to access key vault) ClientID and ClientSecret in plain text somewhere. This seems like a security problem if someone steals the the ClientID and Secret anyone can claim they are the registered app. Is there or can there be a more secure approach? 回答1: You can use a certificate to authenticate instead of a secret. There are three things you need to do for this

问题 How I can upload or store public key (.cer) file in azure keyvault. From the keyvault panel it gives error when I tried to to upload any .cer file where It works for .pfx file. 回答1: You should consider if Key Vault is the appropriate solution for your scenario. The public key (by nature) is not confidential data, you don't need a secure place to store it. You can use a general purpose storage service for it. If you still need to use Key Vault, you can store it as a secret. Key Vault secrets

问题 I can get the secret from azure key vault in rest api if I already know the version number using this endpoint: https://my-key-vault-dev.vault.azure.net/secrets/MyTestSecret/13f8347b8518483f8236670197497c93?api-version=2016-10-01 But what if I don't know what the latest version number is? I guess I could get the latest version number query list first: GET {vaultBaseUrl}/secrets/{secret-name}/versions?api-version=2016-10-01 Is it possible to do it all in one query? For example, something like

问题 I began using Azure Keyvault to store private keys for my application. I have a use case where I need to sign a JWT token with an RSA private key. When I had the private key in my application memory, it was easy, I would just do that var token = new JwtSecurityToken( issuer, ..., claims, ..., ..., signingCredentials_PrivateKey); Now that I began to use Azure Keyvault, I want to see if it's possible to sign JWT tokens via the KeyVaultClient.SignAsync method. Something along the lines of

问题 I have uploaded a pem file to Azure Key Vault Keys via azure portal and tried below function to get the data using "azure-keyvault": "^3.0.0-preview", client.getKey(vaultUri, keyName, keyVersion, {maxresults : 10}, function(err, result) { if (err) throw err; console.log(result,'-----------key-'); }) result { key: { kid: 'https://test.vault.azure.net/keys/test/1123123123lksldkf', kty: 'RSA', keyOps: [ 'sign', 'verify', 'wrapKey', 'unwrapKey', 'encrypt', 'decrypt' ], n: <Buffer ... >, e:

问题 I was created azure key vault through in the specified subscription. Followed this article, https://docs.microsoft.com/en-us/rest/api/keyvault/keyvaultpreview/vaults/createorupdate#examples And when the api called, azure vault created successfully. Now I also need to create a key for the created Key vault. Is it possible to create the key when the azure key vault creation? 回答1: Is it possible to create the key when the azure key vault creation? As juunas said, you need to make a separate call

问题 I am trying to create a master key vault, which will contain all certificates to authenticate as a certain user. I have 2 service principals => One for my app, One for deployment. The idea is that the deploy service principal gets access to the Key Vault and adds the certificate located there to the Store of the web applications. I have created the service principal and I have given him all permissions on the key vault. Also I have enabled access secrets in ARM templates for that key vault.

问题 Good Day! I've read in most articles that deploying an application in Azure is needed such that an application will be able programmatically access the secrets stored in the Azure Key Vault. Is there a way to not deploy the application in azure and have it still be able to access the Azure Key Vault to fetch the secrets either by using client id and client secret or certificates? Thanks! 回答1: There's no need to run your application in Azure for you to use Azure KeyVault. Your application can

问题 I used the following powershell commands to create an Azure Key Vault: //https://docs.microsoft.com/en-us/azure/key-vault/key-vault-get-started Login-AzureRmAccount –Environment (Get-AzureRmEnvironment –Name AzureCloud) set-azureRMContext -SubscriptionId ( Get-AzureRmSubscription -SubscriptionName "Visual Studio Enterprise").SubscriptionId // Register-AzureRmResourceProvider -ProviderNamespace "Microsoft.KeyVault" (if error occurs in subscription) New-AzureRmResourceGroup –Name "VaVaultRG"