Skip to content

Azure Key Vault Introduction

Azure Key Vault is a cloud service that helps you safeguard cryptographic keys, secrets, and certificates.

At Power Partners, we use it mostly to store secrets such as API keys.

Access Control

Key Vault allows you to define fine-grained access policies and permissions to control who can perform specific operations on keys, secrets, and certificates. This helps enforce the principle of least privilege and restricts access to sensitive information.

There are two permission models:

  • IAM
  • Access Policies

permission-model.png

At Power Partners, we use Access Policies. This allows us to give specific identities certain access rights.

Typical Usage Scenario at Power Partners

Typically, we use the Key Vault from an azure function. This prevents us from storing passwords in python code.

There are then two distinct access scenarios:

  • access from VSC: you need to have access to the key vault with your own user
  • access from Azure Function: we create a managed identity. The identity needs access to the key vault

access-policies.png

The managed identity is defined on the azure function:

azure-function-managed-identity.png