密钥库如何比标准存储更安全? [英] How is a keyvault more secure than standard storage?

问题描述

我试图了解Azure Key Vault可以提供的安全优势(或同等的AWS KMS)

I am trying to understand the security benefits that Azure Key Vault would offer (or equally AWS KMS)

我了解密钥管理的好处，即能够轻松地轮换，更改和审核密钥访问权限.

I understand the benefits of key management, of being able to easily rotate, change, audit key access.

让我感到困惑的是它如何更安全.

What perplexes me a little though is how it is more secure.

据我了解，如果我开发一个Web应用程序并想要保护我的连接字符串(例如)，我可以在Key Vault中创建一个密钥对并将其保存在其中.然后，我在AAD中创建一个应用程序，并使用客户端ID/机密/URI对Key Vault进行身份验证以获取我的连接字符串.通过资源组进一步限制它还有可能的好处.

As I understand it, if I develop a web application and want to protect my connection string (for instance) I can create a key pair in Key Vault and save it there. I then create an application in AAD, and use the client ID/Secret/URI to authenticate to Key Vault to obtain my connection string. There is also the possible benefit of restricting that further by Resource Group.

但是现在这意味着我有一个要保护的客户端ID/机密/URI.

However this now means I have a client ID/Secret/URI to protect.

这如何更好?

P.S.我不是开发人员！我只是想在这些事情上四处摸索，以便从开发者的角度理解它们.因此，如果您可以将答案针对典型的笨手笨蛋，那将不胜感激;)

P.S. I'm not a developer! I just like to poke around in these things to understand them from a devops point of view. So if you could aim your answer at the typical clueless ops guy, that would be appreciated ;)

推荐答案

Azure Key Vault使用Thales的硬件安全模块(HSM).关于HSM的特殊之处在于，它们不会为您提供密钥.您将密钥创建或导入到HSM中.稍后，您将数据提供给HSM，然后HSM将对该数据执行加密操作.例如.加密，解密，散列等.顺便说一下，那些硬件设备确实很昂贵.使用Azure Key Vault，您可以以较低的价格使用此保护.这是使用Azure Key Vault的好处之一.

Azure Key Vault uses Hardware Security Modules (HSMs) by Thales. Special about HSMs is that they do not give you keys. You create or import a key into an HSM. Later on you give data to the HSM and the HSM is executing cryptographic operations on that data. E.g. encrypting, decrypting, hashing ect. By the way, those hardware devices are really expensive. With Azure Key Vault you are able to use this protection for a small price. That's one benefit using Azure Key Vault.

对于您的问题为什么这样更安全:密钥比被盗的单个VM更有价值.如果您的一台虚拟机已被盗用，而您在该虚拟机上拥有加密密钥，那么攻击者将拥有您的密钥.

To your question why this is more secure: Keys are more worth than a single VM that has been compromised. If one of your VMs have been compromised and you would have your encryption keys on that VM, the attacker would have your keys.

如果您的VM上只有客户端ID和机密，则攻击者只有这些凭据，而没有您的密钥.如您所知，即使拥有这些凭据，攻击者也无法从HSM获取您的密钥.这意味着攻击者将能够使用您的凭据在一定时间内执行加密操作.一旦识别出攻击，便会使凭据失效.

If you have only your client ID and secret on your VM, then the attacker has only those credentials but not your keys. And as you know even with those credentials the attacker is not able to get your keys from the HSM. That means the attacker would be able to execute cryptographic operations for a certain amount of time with your credentials. The moment you recognize the attack you invalidate the credentials.

总而言之，差异在于:

没有HSM:攻击者拥有您的密钥，并且可以根据需要使用这些密钥(并且它们是有效的).

Without HSM: the attacker has your keys and can use those keys as long as they want (and they are valid).

使用HSM:攻击者没有您的密钥，仅能使用您的凭据执行加密操作，只要它们有效.

With HSM: the attacker does not have your keys and is only able to execute cryptographic operations with your credentials as long they are valid.

这篇关于密钥库如何比标准存储更安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！