Azure Service Principal - How to secure the keys

New Contributor

For an Azure Service Principal, we have below keys in config file

<add key="SubscriptionId" value="" />
<add key="ClientId" value="" />
<add key="ClientSecret" value="" />
<add key="TenantId" value="" />
Is there any azure key vault like service available, where we can securely keep these keys and use it based on demand?

2 Replies
you could store the values in a key vault and retrieve them when needed through the UI. Is this what you had ïn mind ?

Key-vault service I didn't use, but what I understood is that key-vault keys can belongs to a specific PaaS service like Storage Account or any similar kind. Once accessing such PaaS services using a URL, you add this additional key-vault value to it. Also to access key-vault, you may need to keep another key for it locally and need to think how to secure that.

But my scenario is that I am doing an automation tool which will create different PaaS services in Azure using ARM templates. So any such management activity needs a single master login mechanism e.g. Service Principle, which includes multiple keys. I need to keep these keys securely without bound with any specific PaaS services and can use it whenever want to login to Azure. Currently I kept these keys inside my application config file and tool internally reading this config values during login.