URLs for learning more about keyvault:
- https://docs.microsoft.com/en-us/azure/key-vault/general/overview :
Top-level URL for Azure Key Vault. Contains other interesting links. Done reviewing, except for using the link list to find additional reading.
- https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-cli :
Creating and (very superficially) accessing key vault.
- https://docs.microsoft.com/en-us/azure/key-vault/general/manage-with-cli2 :
More detailed version of quick-start. Towards middle, discusses registering an app with azure ad and these three urls:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli
- https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest :
Entire cli keyvault command reference.
- https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?WT.mc_id=Portal-Microsoft_Azure_KeyVault&tabs=current :
Using Azure AD for keyvault access.
- https://docs.microsoft.com/en-us/cli/azure/keyvault/role/assignment?view=azure-cli-latest :
azcli role assignment creation.
- https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates :
Keys, secrets, and certs doc:
https://docs.microsoft.com/en-us/azure/key-vault/keys/about-keys
https://docs.microsoft.com/en-us/azure/key-vault/secrets/about-secrets
https://docs.microsoft.com/en-us/azure/key-vault/certificates/about-certificates
- https://docs.microsoft.com/en-us/azure/key-vault/general/best-practices
General high-level best practices. Suggests one kv per app per env, to avoid secrets leaking to other envs and to limit blast radius.
https://docs.microsoft.com/en-us/azure/key-vault/secrets/secrets-best-practices
- https://docs.microsoft.com/en-us/azure/key-vault/general/authentication-requests-and-responses
General http/REST put/get operations
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication
- https://docs.microsoft.com/en-us/azure/key-vault/general/access-behind-firewall
Local firewall ports to open so apps/teams can work w/azure storage.
- https://docs.microsoft.com/en-us/python/api/overview/azure/identity-readme?view=azure-python
Python code examples for authenticating to AAD.
https://docs.microsoft.com/en-us/azure/key-vault/general/rbac-guide
- https://docs.microsoft.com/en-us/azure/key-vault/general/security-features
keyvault security overview
- https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/key-vault-security-baseline
keyvault security baseline - think CIS benchmark. I mean literally. Excellent doc for something that should have some automated scanning around it.
- https://docs.microsoft.com/en-us/azure/key-vault/general/overview-vnet-service-endpoints
Very generic overview of kv network endpoints.
- https://docs.microsoft.com/en-us/azure/key-vault/general/network-security
Pretty much a rehash of the kv firewall page.