Importance Of Secure Key Management using Azure Key Vault
The protection of private keys is of critical importance for the security and privacy of information protected using these keys. Azure Key Vault allows keys to be created that cannot be exported and in the case of the Premium Key Vault, the keys are protected by physical HSMs running in the cloud. “Yo
Introduction to Azure Key Vault
Azure Key Vault Azure Key Vault is a cloud service provided by Microsoft Azure that helps safeguard cryptographic keys and secrets used by cloud applications and services. Key Vault helps provide three main services, which can be accessed programmatically through APIs and includes Secret, Key and Certificat
Attacking Azure Key Vault for Fun
In an earlier blog, we described how Azure Key Vault allows exporting of the key material of certificates by default in most scenarios. So how can we go about exploiting this? The first and most obvious way is to enumerate all Azure Key Vaults that you have access to and simply dumping the keys out. [&helli
Block All Exportable Certificates via Policy
In an earlier blog, a simple PowerShell script was provided that allows all certificates within all Key Vaults to be dumped as PKCS#12 files. In theory, a simple fix for this is to create and apply a policy to block all Exportable Certificates via Policy – Using Azure policy, you can create a policy