Azure Security Tutorial #4 – Create Key Vault

 

In the previous post, you learned how to create a network security group.

Today, you will learn how to create an Azure Key Vault and create a key that will be used for SQL Server TDE key protection.

Set up an Azure Active Directory Service Principal

Before setting up an Azure AD Service Principal, open Notepad and paste the following text into it.

AppID:
ObjID:
spKey:
KeyVaultURL:


  1. Search for ‘Azure Active’ and click the service.
  2. Select ‘App registration’.
  3. Click ‘+ New application registration’.
  4. Type the name and sign-on URL.
    Name: securityworkshop###
    Application Type: Web app / API
    Sign-on URL: http://contosoworkshop###.com

    Note: Please replace ### with 3 random digits.

    Click to finish the application registration.

  5. Click your application.
  6. Copy the Application ID and Object ID and paste them into your notepad.
  7. To create a key, click ‘Keys’.
  8. Type a description, select ‘In 1 year’ for Expires, and click ‘Save’.
  9. When the key is saved, you’ll see the password on the screen. Copy the value and paste it into your notepad.
  10. When the application registration is done, please make sure you have the AppID, ObjID and the password value in your note.

Create a Key Vault

  1. Click ‘+ New’ and search for Key Vault, then click ‘Create’.
  2. Type the new key vault name and select your resource group.
    Name: safevault###
    Subscription: yoursubscription
    Resource Group: workshop-###
    Location: west us
    Pricing tier: Standard
    Access policies: 1 principal selected

  3. Click ‘Access policies’ and click ‘+ Add new’.
  4. Select ‘Key, Secret, & Certificate Management’.
  5. Click ‘Select principal’, then search for ‘securityworkshop###’ and click the service principal from the results.
  6. Check the cryptographic operations ‘Decrypt’, ‘Encrypt’, ‘Unwrap Key’, ‘Wrap Key’, ‘Verify’ and ‘Sign’.
  7. Click ‘OK’.
  8. Click ‘Create’.
  9. When the Key Vault is created, copy the Key Vault DNS Name and paste it into your note. Your note should now have all four values filled in.
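
The access policy granted in steps 3 to 7 can be reviewed after the vault exists. The following Python is an added example, not part of the original tutorial: it audits an access-policy list shaped like the output of `az keyvault show --query properties.accessPolicies` for one principal. The object ID and permission lists are constructed sample data, and the baseline of get, list, wrapKey and unwrapKey for a TDE key-protection principal is an assumption.

```python
import json

# Cryptographic operations ticked in step 6 of "Create a Key Vault".
STEP6_CRYPTO_OPS = {"decrypt", "encrypt", "unwrapkey", "wrapkey", "verify", "sign"}
# Assumption (not from the tutorial): key permissions sufficient for a
# principal that only wraps and unwraps the TDE key protector.
TDE_BASELINE = {"get", "list", "wrapkey", "unwrapkey"}


def _lower(perms, kind):
    """Permission names arrive in mixed case; normalise to lower case."""
    return {p.lower() for p in (perms.get(kind) or [])}


def audit_policy(policies, object_id):
    """Audit one principal's entry in a Key Vault access-policy list."""
    entry = next((p for p in policies
                  if p.get("objectId", "").lower() == object_id.lower()), None)
    if entry is None:
        return {"found": False}
    perms = entry.get("permissions") or {}
    keys = _lower(perms, "keys")
    return {
        "found": True,
        "missing_step6_ops": sorted(STEP6_CRYPTO_OPS - keys),
        "keys_beyond_baseline": sorted(keys - TDE_BASELINE),
        "secret_perms": sorted(_lower(perms, "secrets")),
        "certificate_perms": sorted(_lower(perms, "certificates")),
    }


# Constructed sample data: placeholder object ID and permission lists.
SAMPLE_OBJECT_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE_POLICIES = json.loads("""
[{"tenantId": "00000000-0000-0000-0000-000000000000",
  "objectId": "00000000-0000-0000-0000-000000000001",
  "permissions": {
    "keys": ["Get", "List", "Create", "Delete", "Decrypt", "Encrypt",
             "UnwrapKey", "WrapKey", "Verify"],
    "secrets": ["Get", "List", "Set"],
    "certificates": ["Get", "List"]}}]
""")

if __name__ == "__main__":
    print(json.dumps(audit_policy(SAMPLE_POLICIES, SAMPLE_OBJECT_ID), indent=2))
```

Any entries in `keys_beyond_baseline`, `secret_perms` or `certificate_perms` are grants to review against what the service principal actually needs.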

Add a Key

  1. Click ‘Keys’ and then click ‘+ Add’.
  2. Type a name to create a new key. Please name it ‘securityworkshopkey’, and then click ‘Create’.

In the next post, we will learn how to create a SQL Server Virtual Machine.

About engsoon

Eng Soon is a 4-time Microsoft MVP and has nearly 5 years of experience building enterprise systems in the cloud. He is also a Certified Microsoft Azure. Eng Soon also has strong technical and analytic skills. As a developer, besides development tasks, he is also involved in Project Management, Consulting, and Marketing. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive. He has also taken part as a speaker in many nationwide technical events, such as conferences, meetups and workshops. He is currently looking for opportunities in Cyber Security, including Cloud Security and Application Security.
