In this video, walk through configuring key management for Azure storage accounts. Familiarly with key management is essential for enforcing least privilege on applications accessing your Azure storage accounts.
- [Instructor] Continuing down the path of securing … Azure storage accounts, you may encounter questions … on the AZ500 exam around configuring key management … for Azure storage and in this case, … I'm talking about those shared keys … that provide root access until they are revoked … or regenerated or rolled. … So we can actually use Azure Key Vault … to automate this process. … Key Vault can lift and rotate storage account keys … periodically on an interval that we specify. … Microsoft guidance here is very clear. … Regenerate your keys using key vault only. … Don't leave this to a manual process. … We can actually take this one step better in some scenarios … using Azure AD authentication … to authenticate our client apps using an identity, … so storage account credentials aren't necessary. … However, Azure AD authentication does not support … all types of Azure storage so this won't be a fix all. … Azure Key Vault can also generate shared access … signature tokens for us. … SAS tokens are better than shared keys …
- Configuring security policies
- Enabling data authentication and auditing
- Configuring security for storage accounts
- Configuring Azure AD authentication
- Configuring security for Cosmos DB and Azure Data Lake