Demo: Key Vault and Disk Encryption

Perform a hands-on demo to implement disk encryption using a custom-managed key.

We'll cover the following

Setting up a Key Vault resource
Setting up access control
Creating keys
Azure Disk Encryption Set (Azure DES)
- DES CLI commands
Encrypting a VM disk
Some interesting CLI commands
Try yourself

We’ve covered the use case of Azure Key Vault where we can store client secrets, connection strings, and so on. Let’s say we want to have a secure method to encrypt our virtual disks in the development environment, but we don’t want to use Microsoft-managed keys. To do that, we can use customer-managed keys.

By using the customer-managed keys, we have the flexibility to create and manage our own encryption keys according to our organization’s specific security standards. This way we can control the life cycle of the keys, including key rotation, revocation, and auditing. This level of control allows organizations to maintain a higher level of security and compliance.

We can do that with customer-managed keys and this encryption of the VM disks can be done by using a Key Vault resource and a Disk Encryption Set (DES). Azure Key Vault helps safeguard cryptographic keys and secrets that further can be used by our cloud applications and services. Therefore, this key management process helps us encrypt our data.

Get hands-on with 1200+ tech skills courses.

Introduction to the Cloud Architect Program

Cloud Capabilities

Assessment 1: Cloud Concepts

Creating a Simple Web App with a Database and Storage Account

Virtual Machine Types

Automation

Assessment 2: Virtual Machines and Azure Automations

Cost Refining

Monitoring Efficiency

Assessment 3: Cost Refining and Monitoring Efficiency

Integrate Application Insights to the Azure Web App

Security Basics

Protection and Monitoring

Assessment 4: Protection and Monitoring

Conclusion

Demo: Key Vault and Disk Encryption