每个环境是否需要多个Azure Key Vault？ [英] Do I need multiple Azure Key Vaults for each environment?

问题描述

我正在进行一些初步研究，我无法找到清楚地回答我的问题。计划是有多个环境（即Dev，Prod和
QA）我是否需要为每个环境建立一个新的Azure Key Vault实例，或者我是否能够在它们之间共享数据？ / span>

I am doing some initial research and I am unable to find a clear answer for my problem. The plan is to have multiple environments, (i.e. Dev, Prod, and QA) would I need to have a new instance of Azure Key Vaults for each environment or would I just be able to share the data between them?

推荐答案

我不确定是否有一条硬性规定为每个环境使用不同的密钥保管库。您可以选择将所有对象（密钥，密钥和证书）放在一个保管库或不同的保险库中。

I am not sure if there is a hard and fast rule on whether to use a different Key Vault for each environment. You can choose to have all the objects (keys, secrets, and certificates) in one vault or different vaults.

但是，我认为将它们保存在不同的保险库中是一种很好的做法。对所有环境中的对象使用相同的名称。这使得管理对象更容易，并且更好地服务于Vault的原始目的。如果组织确实不希望与开发团队共享其生产密钥，那么当所有环境的密钥位于同一个保管库中时，所有密钥/密钥/证书的访问策略都不可能，而不是单个对象级别。 

However, I feel it is a good practice to maintain them in different vaults and use the same name for the objects in all environments. This makes managing the objects easier and also serves the original purpose of the vault better. If an organization does not want to share its production keys with the development team, it is not possible when keys for all environments are in the same vault as the access policies are for all keys/secret/certificated and not at the individual object level. 

目前，创建新的密钥保管库本身不需要任何费用，因此我没有看到任何限制沿着这条路径行进的限制。查看我在
上的文章
Azure Key真实世界应用程序中的保险库了解更多详情。

At present, there is no cost involved in creating a new key vault itself so I don't see anything restricting going down this path. Check out my article on Azure Key Vault in a Real World Application for more details.

这篇关于每个环境是否需要多个Azure Key Vault？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！