User Profile
somsec
Copper Contributor
Joined 6 years ago
Recent Discussions
Access Azure Key Vault and/or Azure Storage via Site to Site VPN from local network.
The following article explains how to establish a site to site VPN with an Azure VNET (not a public IP space): https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

This article shows how to lock down Azure Key Vault to only allow access from a specific Azure VNET: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-network-security

My question is why couldn't we establish Azure Key Vault in an Azure VNET that is accessible only from a site to site VPN? If we can, it eliminates the "Public IP" access that is concerning to me for access to Credential data. Additionally, this article https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security makes me think we could do the same thing with Azure Storage.

The basic approach would be:
1. Establish a Key Vault locked down to the VNET only.
2. Establish a Site to Site VPN with access to the VNET from a local subnet.
3. Update Key Vault Network Security to allow access from the local subnet IP space.
4. Voila, private access to Key Vault from protected local network space.

Does anyone have experience with such a configuration?
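As an added illustration that is not part of the original post, here are the Key Vault and Storage firewall settings that steps 1 and 3 describe, written as a Bicep fragment. The names kv-example and stexample, the subnetId parameter and the 203.0.113.0/24 range are placeholders; the subnet is assumed to already carry the Microsoft.KeyVault and Microsoft.Storage service endpoints.

```bicep
// Added example, not from the post. Placeholders: kv-example, stexample,
// subnetId, and 203.0.113.0/24 standing in for the site's public egress address.
param location string = resourceGroup().location
param subnetId string   // VNet subnet that the S2S VPN hands traffic to; it must have
                        // the Microsoft.KeyVault and Microsoft.Storage service endpoints
param onPremPublicCidr string = '203.0.113.0/24' // public NAT address of the local site

// Step 1 + step 3: deny by default, then allow only the VNet subnet and the
// on-premises public range. Nothing else on the internet can reach the vault.
resource kv 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: 'kv-example'
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: { family: 'A', name: 'standard' }
    enableRbacAuthorization: true
    publicNetworkAccess: 'Enabled' // 'Disabled' would ignore these rules and leave only private endpoints
    networkAcls: {
      bypass: 'None'               // do not let "trusted Azure services" skip the rules
      defaultAction: 'Deny'
      virtualNetworkRules: [ { id: subnetId } ]
      ipRules: [ { value: onPremPublicCidr } ]
    }
  }
}

// The same pattern for the storage account mentioned in the question.
resource sa 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: 'stexample'
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_LRS' }
  properties: {
    allowBlobPublicAccess: false
    minimumTlsVersion: 'TLS1_2'
    networkAcls: {
      bypass: 'None'
      defaultAction: 'Deny'
      virtualNetworkRules: [ { id: subnetId, action: 'Allow' } ]
      ipRules: [ { value: onPremPublicCidr, action: 'Allow' } ]
    }
  }
}
```

Both services accept only public address ranges in ipRules, so the "local subnet IP space" of step 3 has to be expressed as the public address the site NATs behind rather than its private range.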