Azure Key Vault Deep Dive (AZ-500)

74,351 views

John Savill's Technical Training

A day ago

A deep dive into Azure Key Vault covering everything you ever wanted to know, including permissions, network access and actually using it!
Whiteboard at github.com/johnthebrit/Random...
Example file at github.com/johnthebrit/Random...
0:00:00 Introduction
0:01:00 Secrets, keys and certificates
0:05:09 Azure Key Vault overview
0:10:15 Versions of objects
0:10:57 Tiers of Azure Key Vault
0:15:52 Managed HSM option
0:18:52 Version demo
0:20:45 Soft delete and purge protection
0:22:55 Key Vault permissions
0:27:48 Resource (Azure and on-premises) auth to Key Vault
0:37:35 Network connectivity controls
0:41:15 Azure Key Vault replication
0:43:13 Vault backup and restore
0:47:20 Azure Policy with Key Vault
0:49:55 Best practices
0:55:09 Key rotation
1:01:55 Summary
1:03:45 Closing encryption demo with Key Vault
1:07:15 Close

Comments: 122
@Najddergham 3 years ago
I am amazed how deep you are going in your explanation. As a professional I always check different resources, read and view online resources to get the full picture, but you my friend had the power to put all that effort in one video and it was super clear. 2 thumbs up and hat off.
@NTFAQGuy 3 years ago
Wow, thank you
@niraj7616 3 years ago
Forever grateful for these excellent videos 🙏😁
@NTFAQGuy 3 years ago
Glad you like them!
@4kash90 2 years ago
These courses are much better than some paid learnings you find online, forever grateful for these videos.
@LiquaFoo a year ago
Great overview. Thanks John, your videos are always super helpful.
@alexgraham3529 6 months ago
I needed a refresher on KV - and where best to look but here - Again great work John, appreciate the effort.
@NTFAQGuy 6 months ago
Much appreciated!
@jimparsons8485 3 years ago
Agreed with others, I love how you don't just list key points but I get value out of how they are all connected. Your visual notes are very solid. I watch your videos a few times. Once to hear it without distraction, once to take notes, and then I'm able to pull it all together for real learning. Absolutely Brilliant!
@NTFAQGuy 3 years ago
Very kind, thanks. Glad it helps
@DanFre40 3 years ago
I like how this video is full of "key points" :) Thank you for all these videos, I'm learning a lot of very useful information from them.
@NTFAQGuy 3 years ago
Lol
@Stateoftheheart 2 years ago
Thanks John, very well explained! I have a much better understanding on KV now :) Appreciate all the time & effort that goes into these videos.
@danielheidemann7531 3 years ago
Quite awesome! Keep it on. You help many admins, engineers and architects with such great videos. Greetings from Germany :)
@NTFAQGuy 3 years ago
Thanks, will do!
@psymonious 2 years ago
I am just setting up key vaults in our environments and this helped me a lot. So much information densely packed into roughly an hour. Superb content!
@NTFAQGuy 2 years ago
Glad it was helpful!
@jonathanku8599 a year ago
Every single time before I deploy something in Azure I make sure to see if you have a video about the topic, since an hour's time with one of your videos saves me countless hours reading other blogs online
@animeshsingh1182 a year ago
Awesome stuff John. Really helped to get a deep understanding of Key Vault. Thanks :)
@ricardovazquez4333 3 years ago
Excellent video. Would zoom in for us folks watching on the cell phone
@ashleyjacob2614 2 years ago
Stumbled on your channel early last year and passed Azure exams 900, 500, 104, 303 and 304 by the end of 2021 - thanks to you... keep up the excellent work... thanks and regards
@NTFAQGuy 2 years ago
Awesome job, congrats! ☁️🤙💪
@rabb3255 3 years ago
So good I watched it twice. Sitting AZ-500 (again!) tomorrow, thank you John, you are a legend!
@NTFAQGuy 3 years ago
Good luck
@jamesdeverew7026 2 years ago
Great videos! Really like your training, so detailed!
@solad3 2 years ago
John, you are absolutely my go-to person on Azure. You are a great teacher. Coming from AWS I have found your resources invaluable. Thank you and keep up the fantastic work. You truly are the hardest worker in the room ;-)
@NTFAQGuy 2 years ago
Thank you! 💪🤙
@JD-du3qe 3 years ago
Amazing timing, I'm studying for AZ-500 and was hoping John Savill does a video on AKV :) Appreciate the very clear and detailed review in each of your videos. Thank you!
@NTFAQGuy 3 years ago
Good luck
@jonathancortes5719 3 years ago
Awesome video as always, John. Would love to see a video on the new Verifiable Credentials service.
@shoham00 2 years ago
Nicely done. I was trying to get a sense of the features and limitations of AKV and this really did the trick.
@NTFAQGuy 2 years ago
Very welcome
@RT-xt9cz 2 years ago
Awesome material, full of key points, especially with use cases! Thank you!!
@NTFAQGuy 2 years ago
Very welcome
@acarmichael2000 2 years ago
Thanks for this great content. You are criminally under-subscribed. I'm working on AZ-500 with some coworkers and I've recommended they watch your vids.
@NTFAQGuy 2 years ago
Hehe very kind.
@danielkassa5196 11 months ago
Glad the world has you. Fabulous work.
@SecurityMadeSimple 3 years ago
What a legend, finally understood Key Vault. Everyone has this complicated idea of explaining using PowerShell the basic concepts, however Savill you explained in simple terms and using the Azure console. Great job once again champ
@NTFAQGuy 3 years ago
Thanks!
@PraveenGangasani 3 years ago
I really like your explanation and visual representation. Thank you
@NTFAQGuy 3 years ago
You're very welcome!
@SuperNova-py1ec 2 years ago
Great video. You make a complicated concept easy to understand. Thanks!
@NTFAQGuy 2 years ago
You're welcome!
@hardikdesai24 2 years ago
Azure Key Vault is now easy for me. Thank you John for explaining it nicely.
@NTFAQGuy 2 years ago
Glad to help!
@mohsin816 2 years ago
Super informative video. Thank you for all the effort you put in for making these videos 🙏
@NTFAQGuy 2 years ago
You are very welcome.
@yulaw3289 a month ago
Thanks a lot for great video with clear explanation!
@iamdedlok 3 years ago
Fantastic video John! Thanks for putting in such effort in producing the video. It's evident that you plan the sections of the video :) Braincells++ !
@NTFAQGuy 3 years ago
Thank you!
@oscarsangularchannel3956 3 years ago
Awesome material! Thank you
@NTFAQGuy 3 years ago
My pleasure
@christianibiri 2 years ago
Very detailed, great content
@spop1974 2 years ago
Yet again, great stuff!
@RonaldPostelmans 2 years ago
Very nice explanation!
@USONOFAV a year ago
Thinking about using this with Spring Config Server. Great video!
@chat-jpt a year ago
Fantastic as always, John, 😎🏃‍♂👊
@NTFAQGuy a year ago
🤙
@stephane184 3 years ago
Excellent video! At 34:31, found that interesting. It's the exact thing I have been struggling with. I have a Spring Boot App which is deployed into an AZ App Service. We use AAD OpenId connect to authenticate etc... but when developing and testing on localhost, I store client id, tenant id and secret as standard Windows env variables. These are then picked up automatically by DefaultCredentialBuilders in code to authenticate to App Config and Key Vault. When deployed in AZ, I use a MSI on the app service, and the same DefaultCredentialBuilders pickup the MSI to authenticate to the same app config and key vault.
@moris7361 2 years ago
I can't believe this training is for free.. thank you so much, super clear and helpful.
@NTFAQGuy 2 years ago
Great to hear. Have a great day
@aToa5241 2 years ago
Excellent video, your content is gold - thank you.
@NTFAQGuy 2 years ago
Very welcome
@MrMuthukumar2002 2 years ago
Really great video to get the in-depth of key vault. We will not so much insights when we are raing paid course. Thanks for illuminating others also 👋🙏
@NTFAQGuy 2 years ago
Very welcome 🤙
@faouzigassemi6222 3 years ago
Excellent as usual !!!
@NTFAQGuy 3 years ago
Glad you like it!
@gagole1 2 years ago
Best video for preparing AZ-500 certification
@NTFAQGuy 2 years ago
Glad you liked it
@keithglass6449 a year ago
Loved it!
@Ankitsharma-zd3wb 2 years ago
Thanks a lot.. I watched many other videos but you make it clear .. you are good in this..
@NTFAQGuy 2 years ago
Thanks!
@krimblikrambli 3 years ago
52.2K of grateful people, this is pretty impressive! Thanks for your effort, keep it going!
@NTFAQGuy 3 years ago
Thanks, will do!
@JamesWBurns 10 months ago
This is super deep
@joachimarmbruster5937 2 years ago
Awesome as always :)
@NTFAQGuy 2 years ago
Thank you
@jatinnandwani6678 2 months ago
Thanks so much.. this is like outstanding..
@iamnot664 9 months ago
That was great, thank you
@NTFAQGuy 9 months ago
Glad you enjoyed it!
@tugtugg1408 2 years ago
Super helpful!
@NTFAQGuy 2 years ago
Glad you think so!
@marcocaviezel2672 3 years ago
Great video!
@NTFAQGuy 3 years ago
Thanks!
@numinhaa 2 years ago
Hey! Really awesome content! Very well explained! Regards my friend!
@NTFAQGuy 2 years ago
Thank you! Cheers!
@chandruonmuzic 2 years ago
I like your explanations on most complex topics here. Especially the way you are stitching the pieces one by one and giving a whole concept to us unconsciously. One little piece I like to understand: the management plane and data plane access of key vault. What is it?
@NTFAQGuy 2 years ago
Control plane is ARM interactions. Data plane is Key Vault API accessing content. I have other videos where I talk about ARM and governance
@makal4966 a month ago
Can be pretty short: Awesome. Thank you
@dagchristensen3662 3 years ago
Great video, very informative as always :) The colors (saturation?) made the whiteboard a little hard to read this time? I can't remember noticing it before.
@NTFAQGuy 3 years ago
I think my black t shirt messed stuff up :)
@elbar9o9i42 a year ago
Great
@nedunchezhians8808 2 years ago
It is a real deep dive
@vak21 3 years ago
Hi John, it was a great explanation. I have been looking at keyvault and this video cleared some questions I had. I still have one particular question, that I could not find anywhere on the official documentation. Does AKV support key hierarchy? Say I have the BYOK approach where the customer key is at the very top of the hierarchy. And I want to use it to wrap other keys stored in key vault (say these keys would be on Level 2, I should have full control of them, and be protected by the root key). Is that possible?
@NTFAQGuy 3 years ago
It is not a traditional CA which is what I think you want.
@insights3005 3 years ago
Complete package!!!! Anything on ARM template and Parameters?
@NTFAQGuy 3 years ago
Have many videos about those things on the channel.
@benjaminnewman3833 3 years ago
Hi John, could you elaborate more on data plane? I see it come up a lot but I never fully understand what encompasses the data plane.
@NTFAQGuy 3 years ago
Think of the control plane as things happening regarding the management of the Azure resource. Creating a resource, modifying a resource, deleting, i.e. ARM. The data plane is more about the functionality of the actual service and its specific interactions such as accessing data in a storage account, running a query against a database or getting secret from a key vault.
@mtbcyclist 2 years ago
Great great video. Can you use one or the same key vault across multiple subscriptions?
@NTFAQGuy 2 years ago
Depends on service and use case
@mtbcyclist 2 years ago
@NTFAQGuy is this documented anywhere on Microsoft's site?
@struziu7 3 years ago
It may be a silly question, but how do you run PowerShell scripts line by line? Thank you John for the great work!
@NTFAQGuy 3 years ago
Press F8.
@MyJapaneseLife 3 years ago
Hi, regarding the key rotation, for encryption-related services, like Az Storage, what will it do with the existing data which were encrypted using the old key? And when the old key is deleted from the vault, how can it decrypt those data?
@NTFAQGuy 3 years ago
Watch my video on storage encryption. Data is not encrypted directly with these keys.
@petervanoosterom2794 3 years ago
So you can't store the private key component of cert in a HSM, e.g. a root certificate of a CA?
@NTFAQGuy 3 years ago
Correct, certs are software protected.
@petervanoosterom2794 3 years ago
Would you consider that appropriate for certificate signing operations or is AKV not the right tool for the job?
@NTFAQGuy 3 years ago
@petervanoosterom2794 I don't think of key vault as a CA, which is what I think you want. Could you custom build a solution on it? I guess.
@markymarkymarky1974 2 years ago
Does KMK need its own subscription? Or can it go in prod sub etc?
@NTFAQGuy 2 years ago
Key vault does not have to be in own sub
@jochenjuelke265 2 years ago
I'm afraid I didn't understand the idea of best practice "purge protection"=ON. If I would be an attacker with enough permissions I would not care about purge protection and instead would just delete the complete keyvault-RESOURCE? Do I miss something? Thanks for insights. And yes, your videos are OUTSTANDING! Thank you so much for that "give back" mindset!
@jochenjuelke265 2 years ago
OK, sure, I missed that comment on creation: "To enforce a mandatory retention period and prevent the permanent deletion of key vaults or secrets prior to the retention period elapsing, you can turn on purge protection." --> makes sense that delete of resource is blocked when purge protection is activated ;)
@NTFAQGuy 2 years ago
Soft delete and purge protect works if the whole vault is deleted as well.
@amoljoshi7982 2 years ago
Thanks a lot John for such a nice and informative video on key vault. It is very helpful. Can you please let me know regarding my below question. "Normally in actual web applications we need to keep various environments for testing our app, like DEV, QA, UAT and Prod. So my question is what will be recommended solution if I want to use KeyVault for storing secrets and app settings with AppService. Is it recommended to have separate Key Vault for each environment like KeyVault for DEV, KeyVault for QA, KeyVault for UAT or KeyVault for PROD, OR is it fine to use different versions of secrets per environment?"
@NTFAQGuy 2 years ago
Common to have key vault per environment but with RBAC mode you have more flexibility
@amoljoshi7982 2 years ago
Thanks a lot John for reply. So do you mean as a best practice it is common to keep key vaults per environment and on top of that go for RBAC mode instead of access policy to get more flexibility? Please advise.
@3uphoric 2 years ago
Thank you for all the effort you put into this and your other videos. It's helping me grow my Azure knowledge and by extension my career immensely! :) Really appreciate it.
@NTFAQGuy 2 years ago
Glad it was helpful!