Forum Discussion
AlanBinHu
Copper Contributor
Mar 22, 2023
Azure Key Vault, what is the best practice when access is from Power Platform?
Whenever we think about storing secrets and keys securely we use Azure Key Vault, but by default the key vaults are accessible from the Internet, and when the client app is built in Power Platform there isn't a way to secure the Azure Key Vault with a private endpoint, virtual networking, or firewall. So apart from the usual access policies, monitoring, and alerts, what other defence mechanisms can we utilize to prevent snooping eyes?
The trusted services list (https://learn.microsoft.com/en-au/azure/key-vault/general/overview-vnet-service-endpoints#trusted-services) does not include Power Platform, as expected.
1 Reply
- AlanBinHu (Copper Contributor): Just to close the loop, in the end I added the IP ranges from which Power Platform connectors will be connecting in my geography regions. Not ideal, hope in the future the Key Vault firewall supports Service Tags. Tested and everything works.
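
The workaround in the reply above, sketched as an added example (not code from the original thread): turn the connector IP ranges for chosen regions into a deny-by-default Key Vault `networkAcls` block. It assumes the ranges come from the `AzureConnectors.<Region>` entries of Microsoft's downloadable Service Tags JSON; the sample data uses constructed documentation-range addresses, and the function names and the rule limit are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of the downloadable Service Tags JSON
# (documentation-range addresses, not real connector ranges).
SAMPLE_SERVICE_TAGS = json.loads("""
{"values": [
  {"name": "AzureConnectors.AustraliaEast",
   "properties": {"addressPrefixes": ["203.0.113.0/28", "203.0.113.8/29", "2001:db8:1::/48"]}},
  {"name": "AzureConnectors.AustraliaSoutheast",
   "properties": {"addressPrefixes": ["198.51.100.64/27", "198.51.100.96/27"]}},
  {"name": "AzureConnectors.WestEurope", "properties": {"addressPrefixes": ["192.0.2.0/26"]}},
  {"name": "Storage.AustraliaEast", "properties": {"addressPrefixes": ["192.0.2.128/25"]}}
]}
""")

MAX_IP_RULES = 1000  # assumed per-vault limit; check the current Key Vault documentation


def connector_prefixes(service_tags, regions):
    """Return collapsed IPv4 CIDRs for the AzureConnectors tag in the given regions."""
    wanted = {f"azureconnectors.{r.lower()}" for r in regions}
    nets = []
    for tag in service_tags["values"]:
        if tag["name"].lower() not in wanted:
            continue  # other services and other geographies stay blocked
        for prefix in tag["properties"]["addressPrefixes"]:
            net = ipaddress.ip_network(prefix, strict=False)
            if net.version == 4:  # assumption: vault firewall IP rules are IPv4 only
                nets.append(net)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def network_acls(prefixes):
    """Build a Key Vault networkAcls block: deny by default, allow only listed CIDRs."""
    if len(prefixes) > MAX_IP_RULES:
        raise ValueError(f"{len(prefixes)} rules exceeds assumed limit {MAX_IP_RULES}")
    return {"defaultAction": "Deny", "bypass": "None",  # trusted-services bypass does not cover Power Platform
            "ipRules": [{"value": p} for p in prefixes], "virtualNetworkRules": []}


if __name__ == "__main__":
    cidrs = connector_prefixes(SAMPLE_SERVICE_TAGS, ["AustraliaEast", "AustraliaSoutheast"])
    print(json.dumps(network_acls(cidrs), indent=2))
```

Because the published ranges change over time, the generated rules need to be regenerated and diffed against the vault's current firewall on a schedule, with vault access logs monitored for denied connector traffic.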