Azure Key Vault Flashcards
What is Azure Key Vault?
A cloud service for securely storing and accessing secrets such as API keys, passwords, and certificates.
What are the key features of Azure Key Vault?
Secret management, key management, certificate management, and hardware security modules (HSM).
What types of secrets can Azure Key Vault store?
API keys, passwords, connection strings, and other secrets.
What are the pricing tiers for Azure Key Vault?
Standard and Premium.
What is the difference between Standard and Premium tiers?
Premium supports HSM-backed keys, while Standard does not.
What is a secret in Azure Key Vault?
A value such as a password, API key, or connection string.
What is a key in Azure Key Vault?
A cryptographic key used for encryption, decryption, and signing.
How does Azure Key Vault integrate with Azure Active Directory (Azure AD)?
It uses Azure AD for authentication and access control.
What is the maximum size of a secret in Azure Key Vault?
25KB.
How are secrets versioned in Azure Key Vault?
Secrets are versioned automatically when updated.
What is soft delete in Azure Key Vault?
A feature that allows deleted keys and secrets to be recovered within a retention period.
What is the default retention period for soft deleted items in Key Vault?
90 days.
How can you access Azure Key Vault programmatically?
Using REST API, SDKs, or Azure CLI.
What is a vault access policy?
A set of permissions that determine what operations a user or service can perform in a vault.
How can you monitor activities in Azure Key Vault?
Using Azure Monitor, Log Analytics, and diagnostic logs.
What is the purpose of Azure Key Vault Managed HSM?
To provide dedicated HSMs for high-security key management.
What is a key rotation policy in Azure Key Vault?
A policy that defines how often a key should be automatically rotated.
What is the maximum number of keys you can store in a Key Vault?
Depends on the vault’s pricing tier and resource limits.
Can Azure Key Vault be used for encryption at rest?
Yes, it integrates with services like Azure Storage for encryption at rest.
How does Azure Key Vault handle encryption keys?
It supports both software- and hardware-based key management.
What is Key Vault’s role in TLS/SSL certificate management?
It helps create, manage, and renew certificates securely.
What are access control methods for Azure Key Vault?
Role-based access control (RBAC) and access policies.
What is BYOK in Azure Key Vault?
Bring Your Own Key, allowing customers to import and manage their own keys.
How do you recover a deleted vault?
Using the Azure portal, PowerShell, or CLI if soft delete is enabled.
What is RBAC in Azure Key Vault?
Role-Based Access Control to manage access to Key Vault resources.
How does Azure Key Vault secure access to secrets?
Using encryption both in transit and at rest, and authentication via Azure AD.
What is the purpose of key wrapping in Azure Key Vault?
To encrypt or decrypt keys using a Key Vault managed key.
What are managed identities in Azure Key Vault?
Identity services to securely access Key Vault without hardcoding credentials.
How can you audit Key Vault access?
By enabling diagnostic logging and sending logs to Azure Monitor or Log Analytics.
What is secret purging in Azure Key Vault?
Permanently deleting soft deleted secrets after the retention period.