Easy to understand and helpful. Thank you
Hi abhinanda, do you know how to rotate the keys for Azure OpenAI?
@prashanth4899 OpenAI?
@abhinanda8880 Yes
Thanks for sharing this. Is it also applicable to auto rotation of SPN? Also, what will be the best runtime stack to use for that?
For Service Principal, there is Part 2. I created a video here: ruclips.net/video/JMjwBhnCAGk/видео.html
@azuresecretsmanagement4926 Using this, is it possible to rotate multiple SP secrets?
How different are Azure workload identities from this?
This solution is to rotate credentials, which could include workload identities like service principal secrets.
This was the demo for rotation of secrets for services that use two sets of credentials like Storage Account/Cache for Redis. Then there are services which use one set of credentials like SQL Server. Is there an easy way to classify all Azure services?
There is no difference in the general pattern. SQL supports multiple credentials, so you will have user1/pass1, user2/pass2.
Great video, do we need to change anything in the source code of apps that use that secret?
All you need is to get the latest in the app. There is nothing special. You can use an SDK or a platform with support for auto update.
App Services (web app, function app): Key Vault Reference feature
AKS: Secrets CSI Driver
VM: Can use App Configuration Service with Key Vault references
Hey!! What if, in place of rotating keys for storage, I want to rotate the keys of Event Hub? How do I do it?
You can use that pattern to rotate any access key or password. I created a template with instructions here: github.com/Azure/KeyVault-Secrets-Rotation-Template-PowerShell/blob/main/Project-Template-Instructions.md
Is there another way to achieve auto key/secret rotation without using Azure Cache for Redis?
In this scenario we rotate the Azure Cache for Redis key and store a copy of it in Key Vault for application use. You can use the template provided in the serverless community to create your own rotation Function to rotate any password/key for any resource.
Awesome video. I wanted to auto-rotate the 2 access keys of my Azure OpenAI service on a 1-hour schedule. Could you please guide me on how I can achieve this?
Key Vault does not scale to short-lived credentials. Also, with this frequency any issue will cause an outage. A 1h frequency is mostly for dynamic/token-based credentials; regardless, a custom solution outside of Key Vault would be required.
excellent