I want to use Azure Key Vault for my PaaS application. Is there any way to cache the data instead of making calls every time to Key Vault to retrieve a key?
Probably, though I would strongly consider the risks of exposing the sensitive data. It is not in the vault for nothing; if you cache it you might introduce the risk of an unauthorized read of your secrets, depending on the type of cache. – Peter Bons Feb 12 '18 at 20:02
You should only cache the access token so that your application doesn't need to reach the OAuth endpoint on every call. Caching the secret does not make sense, although it is technically feasible. – EagleDev Feb 13 '18 at 03:50
@EagleDev It is often important to cache information retrieved from Key Vault rather than make the same calls repeatedly for the same information. We often see that customers make hundreds of thousands of calls, then run into throttling problems as well as perf issues. – Matt Small Dec 16 '20 at 15:53
2 Answers
Here is a code sample to cache and proxy secrets, keys, and certificates from Azure Key Vault.
Links:
- https://learn.microsoft.com/en-us/samples/azure/azure-sdk-for-net/azure-key-vault-proxy/ OR
- https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/keyvault/samples/keyvaultproxy/src
It is a pretty clean way.

Shridhar R Kulkarni
Yea, but there's no way I'm putting something called "AzureSamples" into production. – Chuck D Nov 28 '22 at 21:19
Yes, any of the standard caching mechanisms will still work.
On the first request, your app will look in the cache first and won't find the value, so it will call Key Vault for the value. You'll then store the value in the cache so that the next time your application needs the value, it will be retrieved from the cache.
You could do this in memory, or ideally, something out of process, such as Redis.

Andy T
I would advise against using something like Redis. Minimize the exposure of security critical secrets by only caching in memory that is as local to the app as possible. – Rich Randall Feb 13 '18 at 17:02
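
The look-in-cache-then-call-the-vault flow from the answer above, kept in process memory as the last comment advises, with a TTL so a rotated secret does not linger (an added example, not code from the thread or from the linked Azure sample). `SecretCache`, `fetch` and the fake vault are hypothetical names; `fetch` stands in for whatever Key Vault client call the application uses.

```python
import threading
import time
from typing import Callable, Dict, Tuple


class SecretCache:
    """Read-through cache for vault secrets, held only in this process's memory."""

    def __init__(self, fetch: Callable[[str], str], ttl_seconds: float = 300.0,
                 clock: Callable[[], float] = time.monotonic):
        # `fetch` is a hypothetical hook for the real vault call, for example
        # lambda name: secret_client.get_secret(name).value (azure-keyvault-secrets).
        self._fetch = fetch
        self._ttl = ttl_seconds      # bounds how long a rotated secret stays stale
        self._clock = clock          # injectable so expiry can be tested
        self._lock = threading.Lock()
        self._entries: Dict[str, Tuple[str, float]] = {}  # name -> (value, expiry)

    def get(self, name: str) -> str:
        # The lock is held across the fetch so that concurrent misses for the
        # same secret produce one vault call instead of one per thread.
        with self._lock:
            entry = self._entries.get(name)
            if entry is not None and self._clock() < entry[1]:
                return entry[0]
            value = self._fetch(name)
            self._entries[name] = (value, self._clock() + self._ttl)
            return value

    def invalidate(self, name: str) -> None:
        # Call after an authentication failure that suggests the secret rotated.
        with self._lock:
            self._entries.pop(name, None)


def demo() -> Tuple[int, str, str]:
    """Constructed stand-in vault: counts calls and returns a new version each time."""
    calls = []
    now = [0.0]

    def fake_vault(name: str) -> str:
        calls.append(name)
        return f"{name}-v{len(calls)}"

    cache = SecretCache(fake_vault, ttl_seconds=60, clock=lambda: now[0])
    first = [cache.get("db-password") for _ in range(1000)][-1]
    now[0] = 61.0                      # TTL elapsed: next read goes to the vault
    second = cache.get("db-password")
    return len(calls), first, second
```

In `demo()`, a thousand reads cost one vault call, which addresses the throttling concern raised in the comments, and the value never leaves the process.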