The goal is to manage and safeguard credentials. What counts as a credential?
- API keys
- Encryption keys (RSA keys are recommended for encrypting data at rest)
- Storage keys
- Event Hub access keys
- DB connection strings
The available services on Azure are as follows:
- HashiCorp Vault
- HSM offerings (Managed HSM and Dedicated HSM); both support FIPS (Federal Information Processing Standard) 140-2 Level 3.
  For more information, refer to NIST's Computer Security Resource Center.
- When provisioning the HSM, configure it to meet your organization's data-security compliance requirements, e.g.:
  - Soft delete retention period, e.g. 60 days
  - Purge protection enabled
  - Fully isolated private endpoint
  - Logging enabled
  - Specify the allowed region
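The provisioning baseline above can be verified after the fact. The following checker is an added example, not code from the original page or from Microsoft: it takes the resource document as returned by `az keyvault show --hsm-name <name>` and the list returned by `az monitor diagnostic-settings list --resource <id>`, using field names from the Microsoft.KeyVault/managedHSMs ARM schema, and reports which of the five settings are missing. The sample documents are constructed, and the 60-day minimum and allowed region are assumed baseline values.

```python
import json

# Assumed baseline (constructed for this example): 60-day retention, one allowed region
BASELINE = {"min_retention_days": 60, "allowed_locations": {"westeurope"}}


def check_hsm(hsm: dict, diag_settings: list, baseline: dict = BASELINE) -> list:
    """Return a list of findings; an empty list means the HSM meets the baseline."""
    props = hsm.get("properties", {})
    findings = []
    # Soft delete + retention period
    if not props.get("enableSoftDelete", False):
        findings.append("soft delete disabled")
    retention = props.get("softDeleteRetentionInDays", 0)
    if retention < baseline["min_retention_days"]:
        findings.append(f"soft delete retention {retention}d < {baseline['min_retention_days']}d")
    # Purge protection
    if not props.get("enablePurgeProtection", False):
        findings.append("purge protection disabled")
    # Fully isolated: public access off AND at least one approved private endpoint
    if props.get("publicNetworkAccess", "Enabled") != "Disabled":
        findings.append("public network access enabled")
    approved = [pe for pe in props.get("privateEndpointConnections", [])
                if pe.get("properties", {}).get("privateLinkServiceConnectionState", {})
                .get("status") == "Approved"]
    if not approved:
        findings.append("no approved private endpoint")
    # Logging: some diagnostic setting must ship the AuditEvent category
    audit_on = any(log.get("category") == "AuditEvent" and log.get("enabled")
                   for ds in diag_settings for log in ds.get("logs", []))
    if not audit_on:
        findings.append("AuditEvent diagnostic logging not enabled")
    # Allowed region
    if hsm.get("location", "").lower() not in baseline["allowed_locations"]:
        findings.append(f"location {hsm.get('location')!r} not allowed")
    return findings


# Constructed sample of a compliant Managed HSM (shape of `az keyvault show --hsm-name`)
SAMPLE_HSM = json.loads("""{
  "location": "westeurope",
  "properties": {
    "enableSoftDelete": true, "softDeleteRetentionInDays": 60,
    "enablePurgeProtection": true, "publicNetworkAccess": "Disabled",
    "privateEndpointConnections": [{"properties":
      {"privateLinkServiceConnectionState": {"status": "Approved"}}}]
  }}""")
# Constructed sample diagnostic setting (shape of `az monitor diagnostic-settings list`)
SAMPLE_DIAG = [{"logs": [{"category": "AuditEvent", "enabled": True}]}]

if __name__ == "__main__":
    print(check_hsm(SAMPLE_HSM, SAMPLE_DIAG) or "compliant")
```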
Managed vs. Dedicated
| Feature | Managed HSM | Dedicated HSM |
|---|---|---|
| Security Domain (the disaster recovery solution) | Yes | Doesn't need |
Dedicated HSM Availability & Disaster Recovery Model
Managed HSM Availability & Disaster Recovery Model
The following features meet the availability and disaster-recovery requirements:
- Security Domain
- Soft Delete + Retention Period
- Purge protection