Forum Discussion

jaish mathews's avatar
jaish mathews
Copper Contributor
Feb 07, 2018

Azure Service Principal - How to secure the keys

For an Azure Service Principal, we have below keys in config file <add key="SubscriptionId" value="" /> <add key="ClientId" value="" /> <add key="ClientSecret" value="" /> <add key="TenantId" va...
Azure Resource Management
Kent Gaardmand's avatar
Kent Gaardmand
Iron Contributor
Feb 10, 2018
you could store the values in a key vault and retrieve them when needed through the UI. Is this what you had ïn mind ?
  • jaish mathews's avatar
    jaish mathews
    Copper Contributor
    Feb 12, 2018

    Key-vault service I didn't use, but what I understood is that key-vault keys can belongs to a specific PaaS service like Storage Account or any similar kind. Once accessing such PaaS services using a URL, you add this additional key-vault value to it. Also to access key-vault, you may need to keep another key for it locally and need to think how to secure that.

    But my scenario is that I am doing an automation tool which will create different PaaS services in Azure using ARM templates. So any such management activity needs a single master login mechanism e.g. Service Principle, which includes multiple keys. I need to keep these keys securely without bound with any specific PaaS services and can use it whenever want to login to Azure. Currently I kept these keys inside my application config file and tool internally reading this config values during login.

Resources