KeyVault
Cloud applications and services use cryptographic keys and secrets to help keep information secure. Azure Key Vault safeguards these keys and secrets. When you use Key Vault, you can encrypt authentication keys, storage account keys, data encryption keys, .pfx files, and passwords by using keys that are protected by hardware security modules.
Create KeyVault
The following steps describe the creation of an Azure KeyVault and the configuration of an Access Policy for RealmJoin LAPS:
2. Start with Create a resource.
3. Type "Key Vault" into the search field.
4. On the detail page, click Create.
5. Fill out the required fields on the Basics tab. Make sure to use a distinct naming scheme for the KeyVault URL, for example: rj-[tenant]-[service]. Note: this name becomes a DNS name, so it must be globally unique. Press Next.
6. Access configuration: choose "Vault access policy" as the Permission model.
7. Create an Access Policy for RealmJoin: press Create and choose "Key, Secret & Certificate Management" as the template. Additionally, add "Select all" for Cryptographic Operations. Press Next.
8. Add "RealmJoin" as Principal. Press Next.
9. Click Create.
10. Review your settings and configuration and click Review + Create.
11. Wait for the deployment to complete successfully.
12. Click Go to resource.
KeyVault Storage of Secrets
RealmJoin does not store the secret in any proprietary storage; instead it creates an Azure KeyVault Secret so that the value is stored securely and every access is auditable. The KeyVault API is documented here:
The entry in KeyVault is added with the Azure device ID as the secret name (key) and the plain GUID as the secret value. See the following example:
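The naming convention just described, as an added example that is not part of the original documentation and not RealmJoin's own code: it checks that a vault name satisfies the Key Vault DNS naming rules (an assumption taken from the public Azure naming documentation), that the secret name is the device ID GUID and the value is a GUID, and builds the secret URL a client would read. The vault name, device ID and GUID values are constructed for the example.

```python
import re
import uuid

# Constructed example values (not real tenant data).
EXAMPLE_VAULT = "rj-contoso-laps"  # follows the rj-[tenant]-[service] scheme
EXAMPLE_DEVICE_ID = "3f2504e0-4f89-11d3-9a0c-0305e82c3301"

# Assumed Key Vault name rules: 3-24 characters, letters/digits/hyphens, starts
# with a letter, ends with a letter or digit, no consecutive hyphens. The name
# becomes <name>.vault.azure.net, which is why it has to be globally unique.
_VAULT_NAME = re.compile(r"^[A-Za-z](?:[A-Za-z0-9]|-(?!-)){1,22}[A-Za-z0-9]$")
# Assumed secret name rules: 1-127 characters of letters, digits and hyphens.
_SECRET_NAME = re.compile(r"^[A-Za-z0-9-]{1,127}$")


def is_guid(value: str) -> bool:
    """True if value is a GUID in canonical hyphenated form (no braces, no urn:)."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def validate_vault_name(name: str) -> None:
    """Reject vault names that Azure would refuse or that are not DNS-safe."""
    if not _VAULT_NAME.match(name):
        raise ValueError(f"invalid Key Vault name: {name!r}")


def secret_identifier(vault_name: str, device_id: str) -> str:
    """Secret URL for a device's LAPS entry; the secret name is the Azure device ID."""
    validate_vault_name(vault_name)
    if not (is_guid(device_id) and _SECRET_NAME.match(device_id)):
        raise ValueError(f"device id is not a GUID: {device_id!r}")
    return f"https://{vault_name}.vault.azure.net/secrets/{device_id}"


def prepare_laps_entry(vault_name: str, device_id: str, password: str) -> dict:
    """Build the entry RealmJoin's convention implies: name = device ID, value = GUID.

    Returns only metadata with the value masked, so the result is safe to log;
    writing the secret to the vault is left to the Key Vault SDK.
    """
    secret_id = secret_identifier(vault_name, device_id)
    if not is_guid(password):
        raise ValueError("secret value is expected to be a plain GUID")
    return {"id": secret_id, "name": device_id, "value_masked": password[:8] + "-****"}
```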