Demo: Key Vault and Disk Encryption

We’ve covered the use case of Azure Key Vault where we can store client secrets, connection strings, and so on. Let’s say we want to have a secure method to encrypt our virtual disks in the development environment, but we don’t want to use Microsoft-managed keys. To do that, we can use customer-managed keys.

By using the customer-managed keys, we have the flexibility to create and manage our own encryption keys according to our organization’s specific security standards. This way we can control the life cycle of the keys, including key rotation, revocation, and auditing. This level of control allows organizations to maintain a higher level of security and compliance.

We can do that with customer-managed keys and this encryption of the VM disks can be done by using a Key Vault resource and a Disk Encryption Set (DES). Azure Key Vault helps safeguard cryptographic keys and secrets that further can be used by our cloud applications and services. Therefore, this key management process helps us encrypt our data.

Get hands-on with 1200+ tech skills courses.