Azure Storage Secrets RRS feed

  • Question

  • Where to save the secrets ? is keyvault the best option ?
    Wednesday, August 1, 2018 9:37 PM

All replies

  • Azure storage account provides a unique namespace to store and access your Azure Storage data objects.Azure Key Vault Storage Account Keys, developers had to manage their own Azure Storage Account (ASA) keys and rotate them manually or through an external automation. Now, Key Vault Storage Account Keys are implemented as Key Vault secrets for authenticating with an Azure Storage Account.

    The Azure Storage Account (ASA) key feature manages secret rotation for you. It also removes the need for your direct contact with an ASA key by offering Shared Access Signatures (SAS) as a method.

    Key Vault performs several internal management functions on your behalf when you use Managed Storage Account Keys.

    Azure Key Vault manages keys of an Azure Storage Account (ASA).

    •    Internally, Azure Key Vault can list (sync) keys with an Azure Storage Account.
    •     Azure Key Vault regenerates (rotates) the keys periodically.
    •     Key values are never returned in response to caller.
    •    Azure Key Vault manages keys of both Storage Accounts and Classic Storage Accounts.

    Azure Key Vault allows you, the vault/object owner, to create SAS (account or service SAS) definitions.

    ·        The SAS value, created using SAS definition, is returned as a secret via the REST URI path.

    For more information, suggest you to refer Azure Key Vault Storage Account Keys.

    Let me know if there are still any additional questions I can help with.


    If this answer was helpful, click “Mark as Answer” or “Up-Vote”. To provide additional feedback on your forum experience, click here

    Thursday, August 2, 2018 3:33 AM
  • Checking in to see if the above answer helped. Let me know if there are still any additional issues I can help with.

    Saturday, August 4, 2018 11:37 AM