Azure Key Vault

Azure Key Vault is a cloud service that provides a secure store for secrets. It allows for:

  • Secrets Management
    Securely store and manage sensitive information like API keys, passwords, and certificates, ensuring they are protected and easily accessible when needed.
  • Key Management
    Create and control the encryption keys used to encrypt your data.
  • Certificate Management
    Easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.

The benefits of using Azure Key Vault include:

  • Centralise application secrets
    Centralising storage of application secrets in Azure Key Vault allows you to control their distribution. Your applications can securely access the information they need by using URIs. These URIs allow the applications to retrieve specific versions of a secret. There’s no need to write custom code to protect any of the secret information stored in Key Vault.
  • Securely store secrets and keys
    Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they’re allowed to perform.
  • Monitor access and use
    You can monitor activity by enabling logging for your vaults. You can configure Azure Key Vault to:

    • Archive to a storage account
    • Stream to an event hub
    • Send the logs to Azure Monitor logs

    You have control over your logs: you can secure them by restricting access, and you can delete logs that you no longer need.

  • Simplified administration of application secrets
    Security information must be secured, follow a life cycle, and be highly available. Azure Key Vault simplifies the process of meeting these requirements by:

    • Removing the need for in-house knowledge of Hardware Security Modules.
    • Scaling up on short notice to meet your organization’s usage spikes.
    • Replicating the contents of your Key Vault within a region and to a secondary region. Data replication ensures high availability and removes the need for any administrator action to trigger failover.
    • Providing standard Azure administration options via the portal, Azure CLI and PowerShell.
    • Automating certain tasks on certificates that you purchase from Public CAs, such as enrollment and renewal.

In addition, Azure Key Vault allows you to segregate application secrets. Applications may access only the vault that they’re allowed to access, and they can be limited to performing only specific operations.

Jellyfish integration with Azure Key Vault

Cogito offers seamless integration with Azure Key Vault, enabling secure and straightforward transfer of certificates and private keys (such as TLS credentials) directly from the Jellyfish interface to your Key Vault instance.

During the certificate issuance process in the Jellyfish Portal, a key pair is generated within the user’s browser. Once a certificate is issued, both the certificate and the private key can be securely transferred to a customer’s Azure Key Vault with the click of a button.

Advantages of using Jellyfish with the Azure Key Vault solution:

  • Allows for more external CA support (i.e. no longer limited to the Azure choices of DigiCert and GlobalSign).
  • Can provide certificates for public and private needs across multiple cloud providers, removing the limitation of Private CA capability being limited to Intune certificates.
  • If you generate keys with us, you can back up the key and then send it to Azure Key Vault, removing the limitation around no local backup option in the Azure service.
  • You can create BYOK (Bring Your Own Keys) keys of any type and avoid Azure limiting this to only asymmetric keys.
  • Jellyfish on premises allows you to use your own HSMs for Key Vault.
  • Removes limitations around multi-region support in Azure Key Vault.
  • Adds support for Post Quantum Cryptography.
  • Lets you interface with your key protection mechanisms in other ways, such as through PKCS#11.
