Is it approriate to create separate Azure Key Vaults in different Azure Environments?

Question

I'm about to create three different environments within my Azure Subscription. Dev, Test and Prod.

However, I am unsure whether it is common practice to use one Key Vault that contain secrets from all three environments or should I create three separate Key Vaults, one for each RG? What is "Best Practice" when it comes to this?

This will probably be of help: https://learn.microsoft.com/en-us/azure/key-vault/general/best-practices — juunas, Feb 16 '23 at 13:56

score 3 · Accepted Answer · answered Feb 16 '23 at 13:59

3

The recommended choice is to use a vault per application per environment (development, pre-production, and production), per region. This helps you not share secrets across environments and regions. It will also reduce the threat in case of a breach.

answered Feb 16 '23 at 13:59

Joakim Torsvik

75
7

Is it approriate to create separate Azure Key Vaults in different Azure Environments?

1 Answers1