Azure Credential Management

Use cases

To manage and safeguard credentials. What are the credentials?

  1. Certificates
  2. Keys
    1. API Keys
    2. Encryption Keys (It’s recommended to use RSA-Keys to encrypt data at rest)
    3. Storage Keys
    4. Event Hub Access Keys
  3. Values
    1. DB Connection strings

The available services on Azure are as follows:

  • Key Vault
  • HSM
  • HashiCorp Vault

Key Vault

HSM
  • Both HSM kinds support FIPS (Federal Information Processing Standard) 140-2 Level 3.

For more information, refer to the Computer Security Resource Center.

  • Consider your organization's data security compliance requirements when provisioning the HSM, e.g.:
    • Soft delete retention period e.g. 60 days
    • Purge protection enabled
    • Fully isolated private endpoint
    • Logging enabled
    • Specify the allowed region
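
One way to check an HSM resource against the baseline above, as an added example that is not from the original post. It assumes the ARM JSON property names of a managed HSM resource; the allowed-region set, treating 60 days as a minimum, and the `diagnosticSettings` key (diagnostic settings are a separate resource the caller would merge in) are assumptions of this example.

```python
# Added example: property names follow the ARM JSON shape of a
# Microsoft.KeyVault/managedHSMs resource (assumption: verify against your
# tool's output). "diagnosticSettings" is a hypothetical key the caller merges in.
ALLOWED_REGIONS = {"westeurope", "northeurope"}  # assumed org policy
MIN_RETENTION_DAYS = 60                          # figure from the list above


def audit_hsm(resource: dict) -> list:
    """Return baseline violations for one HSM resource; [] means compliant."""
    props = resource.get("properties", {})
    findings = []
    if props.get("softDeleteRetentionInDays", 0) < MIN_RETENTION_DAYS:
        findings.append("soft-delete retention too short")
    if props.get("enablePurgeProtection") is not True:
        findings.append("purge protection disabled")
    # Isolation: public access off AND at least one approved private endpoint.
    approved = [
        c for c in props.get("privateEndpointConnections") or []
        if c.get("properties", {})
            .get("privateLinkServiceConnectionState", {})
            .get("status") == "Approved"
    ]
    if props.get("publicNetworkAccess", "Enabled") != "Disabled" or not approved:
        findings.append("not isolated behind a private endpoint")
    # Logging: at least one enabled log category in any diagnostic setting.
    logs = [l for s in resource.get("diagnosticSettings") or []
            for l in s.get("logs") or []]
    if not any(l.get("enabled") for l in logs):
        findings.append("logging disabled")
    if str(resource.get("location", "")).lower() not in ALLOWED_REGIONS:
        findings.append("region not allowed")
    return findings


# Constructed sample resources (not real deployments).
COMPLIANT = {
    "location": "westeurope",
    "properties": {
        "softDeleteRetentionInDays": 60,
        "enablePurgeProtection": True,
        "publicNetworkAccess": "Disabled",
        "privateEndpointConnections": [{"properties": {
            "privateLinkServiceConnectionState": {"status": "Approved"}}}],
    },
    "diagnosticSettings": [{"logs": [{"category": "AuditEvent", "enabled": True}]}],
}
WEAK = {"location": "eastus",
        "properties": {"softDeleteRetentionInDays": 7, "publicNetworkAccess": "Enabled"}}
```

`audit_hsm(COMPLIANT)` returns an empty list, while `audit_hsm(WEAK)` reports every item of the baseline as a finding.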
Managed vs. Dedicated
Managed | Dedicated
  • HSM hosted in a MS datacenter that is connected directly to a customer virtual network (VNet).

  • It obtains a private IP address from the VNet address space.

  • MS doesn’t have any access to the HSM, and the customer has full administrative access and functionality.
  • Security Domain (it’s the disaster recovery solution) | Doesn’t need
Dedicated HSM Availability & Disaster Recovery Model
Managed HSM Availability & Disaster Recovery Model

The following features provide the availability & disaster recovery requirements:

  • Security Domain
  • Soft Delete + Retention Period
  • Purge protection

HashiCorp Vault

Published by parisamoosavinezhad

- Software Engineer - Software Architect - Software and database specialist - Cloud solution architect
