Azurecloud~30 mins

Storing secrets in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Storing secrets

📖 Scenario: You are working on a cloud project where you need to securely store sensitive information like passwords or API keys. Instead of keeping these secrets in your code, you will use Azure Key Vault, a service designed to hold secrets safely.

🎯 Goal: Create an Azure Key Vault resource, add a secret to it, and configure access policies to allow an application to retrieve the secret securely.

📋 What You'll Learn

Create an Azure Key Vault resource with a specific name and location

Add a secret with a given name and value to the Key Vault

Set an access policy to allow a specific principal to get secrets

💡 Why This Matters

🌍 Real World

Storing secrets securely is essential in cloud projects to protect sensitive data like passwords and API keys from exposure.

💼 Career

Cloud engineers and developers often use Azure Key Vault to manage secrets safely and control access in real-world applications.

Progress0 / 4 steps

Create Azure Key Vault resource

Create an Azure Key Vault resource named myKeyVault in the eastus region using the Azure CLI command az keyvault create.

Azure

# Use az keyvault create command to create myKeyVault in eastus
# Your code here

Need a hint?

Use az keyvault create --name myKeyVault --resource-group myResourceGroup --location eastus to create the Key Vault.

Add a secret to the Key Vault

Add a secret named DbPassword with the value MyS3cretPass! to the Key Vault myKeyVault using the Azure CLI command az keyvault secret set.

Azure

az keyvault create --name myKeyVault --resource-group myResourceGroup --location eastus
# Use az keyvault secret set to add DbPassword secret
# Your code here

Need a hint?

Use az keyvault secret set --vault-name myKeyVault --name DbPassword --value MyS3cretPass! to add the secret.

Set access policy for secret retrieval

Set an access policy on myKeyVault to allow the principal with object ID 12345678-1234-1234-1234-123456789abc to get secrets using the Azure CLI command az keyvault set-policy.

Azure

az keyvault create --name myKeyVault --resource-group myResourceGroup --location eastus
az keyvault secret set --vault-name myKeyVault --name DbPassword --value MyS3cretPass!
# Use az keyvault set-policy to allow secret get permission
# Your code here

Need a hint?

Use az keyvault set-policy --name myKeyVault --object-id 12345678-1234-1234-1234-123456789abc --secret-permissions get to set the access policy.

Verify secret retrieval configuration

Verify that the secret DbPassword can be retrieved from myKeyVault by the principal with object ID 12345678-1234-1234-1234-123456789abc using the Azure CLI command az keyvault secret show.

Azure

az keyvault create --name myKeyVault --resource-group myResourceGroup --location eastus
az keyvault secret set --vault-name myKeyVault --name DbPassword --value MyS3cretPass!
az keyvault set-policy --name myKeyVault --object-id 12345678-1234-1234-1234-123456789abc --secret-permissions get
# Use az keyvault secret show to verify secret retrieval
# Your code here

Need a hint?

Use az keyvault secret show --vault-name myKeyVault --name DbPassword to verify the secret.