
We are using a service principal to create the infra in Azure. We want to secure the client secret, and for that we are planning to use Azure Key Vault. If we store the client secret in Key Vault, we would require another service principal to read the secret from the Key Vault, so how do we secure that secret? We want to know how to resolve this and how it is done in enterprise scenarios.

Thanks

Girish
  • Can Microsoft provide input on this and suggest any approaches? – Girish Jul 16 '18 at 06:34
  • How do you provision your infrastructure? You can use VSTS and it will store the service principal for you. – Thomas Jul 16 '18 at 07:48
  • Currently we are just running the scripts to create the infra using Terraform and not using any tool such as VSTS. Can we use Azure Key Vault to encrypt the service principal secret? – Girish Jul 19 '18 at 06:10
  • You can store the secret in Azure Key Vault. Is Terraform installed on a VM on Azure? If so, you can enable MSI on the VM and you will be able to retrieve the secret without any additional credentials. – Thomas Jul 19 '18 at 22:00
  • Can you please provide an example or a link on how to do it? – Girish Jul 20 '18 at 07:59
  • Let me know if this is helpful: https://learn.microsoft.com/en-us/azure/active-directory/managed-service-identity/tutorial-windows-vm-access-nonaad – Thomas Jul 20 '18 at 09:26
  • Docs are at https://learn.microsoft.com/en-us/azure/key-vault/ – Kirsten Jul 21 '18 at 22:54
  • Possible duplicate of [Access Azure Key Vault stored secret using application not deployed in Azure](https://stackoverflow.com/questions/34022041/access-azure-key-vault-stored-secret-using-application-not-deployed-in-azure) – Kirsten Jul 21 '18 at 22:56
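The approach Thomas describes in the comments (a VM with MSI enabled reads the service principal secret from Key Vault, so no second credential is ever stored) looks like this in practice. This is an added example, not code from the question or from Microsoft's docs; the vault name `infra-kv` and secret name `sp-client-secret` are hypothetical, and it assumes the VM's system-assigned identity has been granted `get` on the vault's secrets.

```python
"""Read a service principal's client secret from Key Vault using the VM's
managed identity (MSI), so the VM never holds a long-lived credential.
Added example; assumes a system-assigned identity with 'get' on secrets."""
import json
import os
import urllib.request

# Azure Instance Metadata Service (IMDS) identity endpoint used by MSI.
IMDS_TOKEN_URL = ("http://169.254.169.254/metadata/identity/oauth2/token"
                  "?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net")


def _http_get(url, headers):
    """Default transport: plain GET, returns the parsed JSON body."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read().decode())


def get_msi_token(http=_http_get):
    """Ask IMDS for a Key Vault access token. No credential is sent:
    IMDS is reachable only from inside the VM, and the mandatory
    Metadata header stops the request from being relayed via a proxy."""
    body = http(IMDS_TOKEN_URL, {"Metadata": "true"})
    return body["access_token"]


def get_secret(vault_name, secret_name, http=_http_get):
    """Fetch the latest version of a secret from Key Vault with the MSI token."""
    token = get_msi_token(http)
    url = f"https://{vault_name}.vault.azure.net/secrets/{secret_name}?api-version=7.0"
    body = http(url, {"Authorization": "Bearer " + token})
    return body["value"]


def terraform_env(vault_name, secret_name, http=_http_get):
    """Build the environment the azurerm provider reads (ARM_CLIENT_SECRET),
    so the secret lives only in the Terraform process, never on disk."""
    env = dict(os.environ)
    env["ARM_CLIENT_SECRET"] = get_secret(vault_name, secret_name, http)
    return env


if __name__ == "__main__":
    import subprocess
    # Hypothetical vault and secret names; ARM_CLIENT_ID, ARM_TENANT_ID and
    # ARM_SUBSCRIPTION_ID are expected to be in the environment already.
    subprocess.run(["terraform", "apply"],
                   env=terraform_env("infra-kv", "sp-client-secret"), check=True)
```

The same managed identity can also be given rights on the subscription directly, in which case the azurerm provider's `use_msi` authentication removes the need for a client secret altogether.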
