
Azure KeyVault integration for key management

Open leastprivilege opened this issue 3 years ago • 4 comments

leastprivilege avatar Jan 15 '21 15:01 leastprivilege

I love the new key management functionality, and I am right now working through how to connect that to a KeyVault using the ISigningKeyStore. I haven't been able to find an elegant way to use the KeyVault's certificate functionality, so I am building my solution to just store the SerializedKey as a secret in the KeyVault.

amadard avatar Apr 22 '22 21:04 amadard

I haven't been able to find an elegant way to use the KeyVault's certificate functionality, so I am building my solution to just store the SerializedKey as a secret in the KeyVault.

Yep, that's how you'd do that integration. The key management is not designed to outsource the key generation itself.

brockallen avatar Apr 23 '22 00:04 brockallen
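The integration the two comments above agree on, written out as an added example (this is not code from the thread, from Duende or from Azure): an ISigningKeyStore that persists each SerializedKey as a JSON-encoded Key Vault secret. It assumes Duende IdentityServer's `Duende.IdentityServer.Stores.ISigningKeyStore` and `Duende.IdentityServer.Models.SerializedKey` types and the `Azure.Security.KeyVault.Secrets` SDK; the `idsrv-signing-key-` name prefix and the `KeyVaultSigningKeyStore` class name are this example's own choices.

```csharp
// Added example: ISigningKeyStore backed by Azure Key Vault secrets (not Duende's own code).
// Assumes Duende IdentityServer v5+ and the Azure.Security.KeyVault.Secrets SDK.
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Azure;
using Azure.Security.KeyVault.Secrets;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Stores;

public class KeyVaultSigningKeyStore : ISigningKeyStore
{
    // Prefix (chosen for this example) keeps IdentityServer's keys apart from other
    // secrets in a shared vault, so LoadKeysAsync never deserialises unrelated data.
    private const string Prefix = "idsrv-signing-key-";
    private readonly SecretClient _client;

    public KeyVaultSigningKeyStore(SecretClient client) => _client = client;

    // Key Vault secret names allow only [0-9a-zA-Z-], max 127 characters. SerializedKey.Id
    // is hex in practice, but validate anyway so an unexpected id cannot break the store
    // or alias a secret belonging to something else.
    private static string SecretName(string id)
    {
        if (string.IsNullOrEmpty(id) || !Regex.IsMatch(id, "^[0-9A-Za-z-]{1,100}$"))
            throw new ArgumentException("Key id is not a valid Key Vault secret name", nameof(id));
        return Prefix + id;
    }

    public async Task<IEnumerable<SerializedKey>> LoadKeysAsync()
    {
        var keys = new List<SerializedKey>();
        // List metadata only, then fetch values for the secrets that are ours and enabled.
        await foreach (SecretProperties props in _client.GetPropertiesOfSecretsAsync())
        {
            if (!props.Name.StartsWith(Prefix, StringComparison.Ordinal)) continue;
            if (props.Enabled == false) continue;
            try
            {
                KeyVaultSecret secret = await _client.GetSecretAsync(props.Name);
                var key = JsonSerializer.Deserialize<SerializedKey>(secret.Value);
                if (key != null) keys.Add(key);
            }
            catch (RequestFailedException ex) when (ex.Status == 404)
            {
                // Deleted between the listing and the read; skip rather than fail rotation.
            }
        }
        return keys;
    }

    public async Task StoreKeyAsync(SerializedKey key)
    {
        // Whether key.Data is plaintext or data-protected is decided by IdentityServer
        // (KeyManagement.DataProtectKeys, default true); the store only persists the envelope.
        string json = JsonSerializer.Serialize(key);
        await _client.SetSecretAsync(SecretName(key.Id), json);
    }

    public async Task DeleteKeyAsync(string id)
    {
        // Soft-delete. With purge protection enabled the material stays recoverable until
        // the retention period ends, which is the behaviour you want for a retired signing key.
        await _client.StartDeleteSecretAsync(SecretName(id));
    }
}
```

Register a `SecretClient` (for example `new SecretClient(new Uri(vaultUri), new DefaultAzureCredential())`) and the store as `ISigningKeyStore` in DI. Two points worth checking before relying on this: the identity IdentityServer runs as needs only the `get`, `list`, `set` and `delete` secret permissions on the vault, and because the key material is data-protected before it reaches the store by default, the ASP.NET Core Data Protection key ring must itself be persisted and shared across instances, or the secrets in the vault will be unreadable after a redeploy.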

I haven't been able to find an elegant way to use the KeyVault's certificate functionality, so I am building my solution to just store the SerializedKey as a secret in the KeyVault.

Yep, that's how you'd do that integration. The key management is not designed to outsource the key generation itself.

Good to know, thanks!

Are you considering a future upgrade to allow outsourcing? It would be an enhancement that my security department would appreciate, so they have more control.

amadard avatar Apr 23 '22 00:04 amadard

Are you considering a future upgrade to allow outsourcing?

In that case, I think you'd disable our key management and instead replace the ITokenService. We have had customers do this when they wanted their signing done inside the firewall when their IdentityServer was in the DMZ (if I recall correctly).

brockallen avatar Apr 23 '22 00:04 brockallen
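For the alternative described in the last reply, where key management is disabled and signing is performed somewhere the private key never leaves, here is an added example (not code from the thread, from Duende or from Azure) of the signing primitive such a replacement token service would call: a compact JWS produced with Key Vault's cryptographic sign operation, so only the digest crosses the wire and the RSA private key stays in the vault. It assumes the `Azure.Security.KeyVault.Keys` SDK and an RSA key already created in the vault; the `KeyVaultJwtSigner` class name and the `PublicJwkAsync` helper are this example's own. Wiring it behind ITokenService (or the lower-level ITokenCreationService) and publishing the public key in the discovery document are left to the application and are not shown.

```csharp
// Added example: sign a JWT with a key held in Azure Key Vault (not Duende's own code).
// Assumes the Azure.Security.KeyVault.Keys SDK and an existing RSA key in the vault.
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Security.KeyVault.Keys;
using Azure.Security.KeyVault.Keys.Cryptography;

public class KeyVaultJwtSigner
{
    private readonly KeyClient _keys;
    private readonly TokenCredential _credential;
    private readonly string _keyName;

    public KeyVaultJwtSigner(Uri vaultUri, string keyName, TokenCredential credential)
    {
        _keys = new KeyClient(vaultUri, credential);
        _credential = credential;
        _keyName = keyName;
    }

    // RFC 7515 base64url: URL-safe alphabet, no padding.
    private static string Base64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // payload holds the claims the token service would otherwise pass to a local signer
    // (iss, aud, exp, sub, ...). Returns the compact JWS header.payload.signature.
    public async Task<string> SignAsync(IDictionary<string, object> payload)
    {
        // Resolve the current key version so 'kid' pins the exact key that signed the
        // token; the same value must appear in the JWKS the discovery document publishes.
        KeyVaultKey key = await _keys.GetKeyAsync(_keyName);
        var header = new Dictionary<string, object>
        {
            ["alg"] = "RS256",
            ["typ"] = "JWT",
            ["kid"] = key.Properties.Version,
        };
        string signingInput = Base64Url(JsonSerializer.SerializeToUtf8Bytes(header)) + "." +
                              Base64Url(JsonSerializer.SerializeToUtf8Bytes(payload));

        // SignDataAsync hashes locally and sends only the SHA-256 digest to the vault,
        // which applies RSASSA-PKCS1-v1_5 with the non-exportable private key.
        var crypto = new CryptographyClient(key.Id, _credential);
        SignResult result = await crypto.SignDataAsync(SignatureAlgorithm.RS256,
                                                       Encoding.ASCII.GetBytes(signingInput));
        return signingInput + "." + Base64Url(result.Signature);
    }

    // Public JWK for the discovery document; no private component is ever available here.
    public async Task<Dictionary<string, string>> PublicJwkAsync()
    {
        KeyVaultKey key = await _keys.GetKeyAsync(_keyName);
        return new Dictionary<string, string>
        {
            ["kty"] = "RSA",
            ["use"] = "sig",
            ["alg"] = "RS256",
            ["kid"] = key.Properties.Version,
            ["n"] = Base64Url(key.Key.N),
            ["e"] = Base64Url(key.Key.E),
        };
    }
}
```

The identity that runs this needs only the `get` key permission plus the `sign` cryptographic permission on the vault; it should not have `export`, `backup` or `delete`, which is exactly the separation a security team gets from outsourcing the operation. Key rotation becomes a vault operation: creating a new key version changes `kid`, so `PublicJwkAsync` must be published for every version still valid for tokens in circulation, not just the latest.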