用于Azure Key Vault存储的目的 [英] Purpose of going for an Azure Key Vault storage
问题描述
但是我不清楚的是连接到Key-Vault,我需要存储在我的应用程序配置中的我的Key-Vault的工件。
如果有人在键值上下降,那么他不会连接到我的钥匙库并读取我的所有钥匙。
如果我应该加密我的本地Key-Vault设置,那么我可以加密我存储在Vault中的密钥呢? Key-Vault的目的是什么?
除了可以存储在安全存储中的客户端证书而不是纯密码,另一方面是Keyvault作为一个加密的oracle。它存储您的密钥,不会释放它们。当您要执行加密操作(加密,解密等)时,将数据发送到Keyvault,而不是从中获取密钥。这样可以确保即使攻击者(甚至是管理员)可以临时访问整个基础设施,他只能在有限的时间内访问您的数据,并且无法获取实际的密钥。另一个好处是可以正确审核任何访问。
I'm new to azure cloud services platform. Today i came across the Key-Vault storage service provided by azure. It has the ability to store application level keys and settings. It is safe and secure with enhanced data protection.
But what i'm not clearly getting is to connect to Key-Vault i need the artifacts of my Key-Vault stored in my application config.
If that is the case when someone eves-drop on the key values will he not connect to my Key-Vault and read all my keys.
If I should encrypt my local Key-Vault settings then I can encrypt the keys which i store in Vault as well right?. What is the purpose of Key-Vault?.
Besides being able to authenticate with client certificates which can be stored in secure stores as opposed to plain passwords, the other point is that Keyvault works as a cryptography oracle. It stores your keys and never releases them. When you want to perform cryptographic operations (encrypt, decrypt, etc.) you send your data to Keyvault, as opposed to getting the key from it. This ensures that even if an attacker (or even an admin) has temporary access to your whole infrastructure, he only has access to your data for a limited time and can never get your actual keys. Another benefit is that any access can be properly audited.
这篇关于用于Azure Key Vault存储的目的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
