Azurecloud~30 mins

Storing keys and certificates in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Storing keys and certificates

📖 Scenario: You are setting up a secure cloud environment in Microsoft Azure. You need to store sensitive information like keys and certificates safely so that your applications can use them without exposing secrets.

🎯 Goal: Create an Azure Key Vault resource, add a key and a certificate to it, and configure access policies to allow an application to use them securely.

📋 What You'll Learn

Create an Azure Key Vault named exactly MySecureVault

Add a key named MyEncryptionKey with RSA type

Add a certificate named MySSLCertificate with a self-signed issuer

Set an access policy to allow an application with object ID 11111111-2222-3333-4444-555555555555 to get keys and certificates

💡 Why This Matters

🌍 Real World

Storing keys and certificates securely in Azure Key Vault is essential for protecting sensitive data and enabling secure application authentication and encryption.

💼 Career

Cloud engineers and security specialists often create and manage Key Vaults to safeguard secrets and control access in enterprise cloud environments.

Progress0 / 4 steps

Create the Azure Key Vault resource

Write an Azure Resource Manager (ARM) template snippet to create a Key Vault resource named MySecureVault in the eastus location with SKU family A and SKU name standard.

Azure

# Your code here

Need a hint?

Use the resource type Microsoft.KeyVault/vaults and set the name to MySecureVault.

Add a key and a certificate to the Key Vault

Add two child resources inside the resources array of MySecureVault: a key named MyEncryptionKey of type RSA, and a certificate named MySSLCertificate with a self-signed issuer.

Azure

{
  "type": "Microsoft.KeyVault/vaults",
  "apiVersion": "2022-07-01",
  "name": "MySecureVault",
  "location": "eastus",
  "properties": {
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "accessPolicies": []
  },
  "resources": [
    # Add key and certificate resources here
  ]
}

Need a hint?

Use child resources with type set to keys and certificates inside the resources array.

Add an access policy for the application

Add an access policy inside the accessPolicies array of the Key Vault properties. The policy should allow the application with object ID 11111111-2222-3333-4444-555555555555 to have get permissions on keys and certificates.

Azure

{
  "type": "Microsoft.KeyVault/vaults",
  "apiVersion": "2022-07-01",
  "name": "MySecureVault",
  "location": "eastus",
  "properties": {
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "accessPolicies": [
      # Add access policy here
    ]
  },
  "resources": [
    {
      "type": "keys",
      "apiVersion": "2022-07-01",
      "name": "MyEncryptionKey",
      "properties": {
        "kty": "RSA"
      }
    },
    {
      "type": "certificates",
      "apiVersion": "2022-07-01",
      "name": "MySSLCertificate",
      "properties": {
        "issuerParameters": {
          "name": "Self"
        },
        "x509CertificateProperties": {
          "subject": "CN=MySSLCertificate"
        }
      }
    }
  ]
}

Need a hint?

Access policies go inside the properties.accessPolicies array. Use the exact objectId and set permissions for keys and certificates to get.

Complete the ARM template with all parts combined

Combine all previous parts into one ARM template JSON object that creates the Key Vault MySecureVault with the key MyEncryptionKey, the certificate MySSLCertificate, and the access policy for the application with object ID 11111111-2222-3333-4444-555555555555.

Azure

{
  # Paste the full ARM template JSON here
  # Your code here
}

Need a hint?

Make sure all parts from previous steps are combined correctly in one JSON ARM template object.