Azure Security Tutorial #4 – Create Key Vault

 

In the previous post, you learned how to create a network security group.

Today, you will learn how to create an Azure Key Vault and create a key that will be used for SQL Server TDE key protection.

Set up an Azure Active Directory Service Principal

Before setting up an Azure AD Service Principal, open Notepad, then copy the following text and paste it into Notepad.

AppID:
ObjID:
spKey:
KeyVaultURL:

  1. Search for ‘Azure Active’ and click the service.
  2. Select ‘App registration’.
  3. Click ‘+ New application registration’.
  4. Type a name and sign-on URL.

    | Name | Application Type | Sign-on URL |
    | --- | --- | --- |
    | securityworkshop### | Web app / API | http://contosoworkshop###.com |

    Note: Replace ### with 3 random digits.

    Click to finish the application registration.

  5. Click your application.
  6. Copy the Application ID and Object ID and paste them into your notepad.
  7. To create a key, click ‘Keys’.
  8. Type a description, select ‘In 1 year’ for the expiry, and click ‘Save’.
  9. When the key is saved, you’ll see the password on the screen. Copy the value and paste it into your notepad.
  10. When the application registration is done, make sure you have the AppID, ObjID and the password value in your note.

Create a Key Vault

  1. Click ‘+ New’ and search for Key Vault, then click ‘Create’.
  2. Type the new key vault name and select your resource group.

    | Name | Subscription | Resource Group | Location | Pricing tier | Access policies |
    | --- | --- | --- | --- | --- | --- |
    | safevault### | yoursubscription | workshop-### | west us | Standard | 1 principal selected |

  3. Click ‘Access policies’ and click ‘+ Add new’.
  4. Select ‘Key, Secret, & Certificate Management’.
  5. Click ‘Select principal’, then search for ‘securityworkshop###’ and click the service principal from the results.
  6. Check the cryptographic operations ‘Decrypt’, ‘Encrypt’, ‘Unwrap Key’, ‘Wrap Key’, ‘Verify’ and ‘Sign’.
  7. Click ‘OK’.
  8. Click ‘Create’.
  9. When the Key Vault is created, copy the Key Vault DNS Name and paste it into your note. Your note should now have all four values filled in.
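
To confirm that the access policy ended up as configured, the following added example (not part of the original tutorial) compares one principal's policy with the six cryptographic operations from step 6 and lists everything else that was granted. It assumes the vault's properties have been exported as JSON, for example with `az keyvault show`; the vault document, the object ID and the function name `audit_principal` are constructed for illustration.

```python
import json

# The six cryptographic operations checked in step 6 above, in the
# spelling Azure uses for key permissions (compared case-insensitively).
EXPECTED_KEY_OPS = {"decrypt", "encrypt", "unwrapkey", "wrapkey", "verify", "sign"}

# Constructed sample: the shape of a vault's properties as JSON, with
# placeholder IDs. Not output captured from a real vault.
SAMPLE_VAULT = json.loads("""
{
  "name": "safevault000",
  "properties": {
    "accessPolicies": [
      {
        "objectId": "00000000-0000-0000-0000-000000000001",
        "permissions": {
          "keys": ["Get", "List", "Create", "Decrypt", "Encrypt",
                   "UnwrapKey", "WrapKey", "Verify"],
          "secrets": ["Get", "List", "Set"],
          "certificates": []
        }
      }
    ]
  }
}
""")


def audit_principal(vault, object_id):
    """Compare one principal's access policy with the tutorial's settings."""
    policies = vault.get("properties", {}).get("accessPolicies", [])
    policy = next((p for p in policies
                   if p.get("objectId", "").lower() == object_id.lower()), None)
    if policy is None:
        return {"found": False, "missing_key_ops": sorted(EXPECTED_KEY_OPS),
                "other_key_perms": [], "non_key_perms": {}}
    perms = policy.get("permissions", {})
    keys = {k.lower() for k in perms.get("keys") or []}
    non_key = {kind: sorted(v.lower() for v in vals)
               for kind, vals in perms.items() if kind != "keys" and vals}
    return {"found": True,
            "missing_key_ops": sorted(EXPECTED_KEY_OPS - keys),
            "other_key_perms": sorted(keys - EXPECTED_KEY_OPS),
            "non_key_perms": non_key}


if __name__ == "__main__":
    print(audit_principal(SAMPLE_VAULT, "00000000-0000-0000-0000-000000000001"))
```

In the constructed sample, ‘Sign’ was left unchecked, so it is reported under `missing_key_ops`; the management permissions appear under `other_key_perms` and `non_key_perms` for review.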

Add a Key

  1. Click ‘Keys’ and then click ‘+ Add’.
  2. Type a name to create a new key. Name it ‘securityworkshopkey’, and then click ‘Create’.

In the next post, we will learn how to create a SQL Server Virtual Machine.
