Page 52 - MSDN Magazine, March 2018

AZURE KEY VAULT
Secure Your Sensitive Business Information with Azure Key Vault
Srikantan Sankaran
Azure Key Vault is a cloud-based service that lets organizations securely store sensitive business information. It lets you perform cryptographic operations on the data, and provides a framework for implementing policies to regulate access to applications, as well as an API model for applications to work with the keys, secrets and certificates stored in it. The SDKs that Azure Key Vault provides support a variety of device platforms and programming languages, allowing you to choose your preferred language and to deploy these applications to Azure App Service as managed Web applications.
To expose these business applications securely to users both within an organization and outside, Azure Active Directory (Azure AD) and Azure Active Directory B2C (Azure AD B2C) provide turnkey implementations to enable authentication and authorization to the applications with minimal or no custom code. In this article I’ll present a solution that demonstrates how Azure Key Vault can bring enhanced security to your organization.
Use Case Scenario
A central agency is tasked with implementing a solution to issue, track and manage insurance policies for vehicles. The agency generates unique document serial numbers on receipt of orders and payment from insurance companies. These companies, either directly or through their brokers, assign insurance policies to the document serial numbers as they’re sold to motorists. Document serial numbers are unique across all insurance companies.
The goal of the solution is to track the lifecycle of the document serial number. When created, a document serial number contains only its number and the name of the insurance company to which it’s sold. Further into the business process, additional information, such as the vehicle registration, policy document number, identity of the customer and validity period of the insurance policy, will be added. All versions of this record must be tracked, including any changes made, the date and time of the changes, and the identity of the application that made the change.
Customers should be able to access the policy electronically and download the information securely for verification and easy reference.
The Managed Service Identity feature discussed in the article is in public preview. All information is subject to change.
This article discusses:
• Using Azure Key Vault to store sensitive business data as secrets
• Registering ASP.NET 2.0 Core applications with Azure AD and Azure AD B2C to provide turnkey authentication and authorization features
• Generating and reading QR codes in both Web and native apps
Technologies discussed:
Azure Key Vault, Azure App Service, Azure Active Directory, Azure Active Directory B2C, ASP.NET 2.0 Core, Azure SQL Database
Code download available at:
bit.ly/2DRvwdh