Do you have an idea or a suggestion for Azure Key Vault based on your experience?

Method for organising secrets in Key Vault (folders/sections)

I'm using key vault as a central key/value configuration repository. I have a lot of configuration keys, so navigating the vault has become tricky.

It would be really great if there was some form of cosmetic layer over the top, so that similar items could be grouped, to make navigation easier.

27 votes

Neil Palmer shared this idea

4 comments

  • Anonymous commented

    I vote for this as well. Managing 100+ key vaults in an enterprise is a PITA. Also building a database to manage this is a PITA as well. Just give me a single enterprise-wide vault that we can segregate keys for various apps.

  • Darcy commented

    Example: I have 3 application nodes. Each application needs to look up a secret from the key vault. The value of each needs to be different, but the name of the secret is the same, i.e., I have 3 secrets with the same name that I want to store in 1 key vault (now multiply that by the number of environments (3) I want to have and now I need 9 key vaults, for one apiKey!)

    What would be great is if I stored a secret with the name "node1--apikey" and then used the URL https://my-keyvault.vault.azure.net/node1, I would be able to access a secret by the name "apikey", i.e., if a secret name is delimited by -- and the key vault is accessed with a subfolder(s) that matches the first part of the name, only the names that start with that folder are returned.

    Does that make sense?
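
The `--` naming convention described in the comment above can be emulated on the client over the flat list of secret names. This is an added example, not part of the original thread and not a Key Vault feature; the function names and the sample secret names are constructed for illustration. The grouping is cosmetic only and changes nothing about who can read a secret.

```python
import re

DELIM = "--"  # delimiter proposed in the comment above
# Key Vault secret names: 1-127 characters, alphanumerics and dashes only.
NAME_RE = re.compile(r"[0-9A-Za-z-]{1,127}")


def split_name(name):
    """Split 'node1--apikey' into ['node1', 'apikey']; reject ambiguous names."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"not a valid secret name: {name!r}")
    parts = name.split(DELIM)
    # A segment that is empty or starts/ends with '-' means the delimiter
    # position is ambiguous (e.g. 'a---b'), so refuse rather than guess.
    if any(not p or p.startswith("-") or p.endswith("-") for p in parts):
        raise ValueError(f"ambiguous folder delimiter in {name!r}")
    return parts


def folder_view(names, *folders):
    """Map short name -> full secret name for secrets directly under folders."""
    prefix = list(folders)
    view = {}
    for name in names:
        parts = split_name(name)
        # Compare whole segments, so folder 'node1' never matches 'node10'.
        if len(parts) == len(prefix) + 1 and parts[:-1] == prefix:
            view[parts[-1]] = name
    return view


def subfolders(names, *folders):
    """Names of the folders one level below the given path."""
    prefix = list(folders)
    return sorted({p[len(prefix)] for p in map(split_name, names)
                   if len(p) > len(prefix) + 1 and p[:len(prefix)] == prefix})


# Constructed sample: secret names as a flat listing would return them.
SAMPLE = ["prod--node1--apikey", "prod--node2--apikey", "prod--node10--apikey",
          "test--node1--apikey", "prod--node1--db-password", "shared-cert"]

if __name__ == "__main__":
    print(folder_view(SAMPLE, "prod", "node1"))
    print(subfolders(SAMPLE, "prod"))
```

Matching on whole segments rather than with a string prefix test is what keeps `node1` from also returning the secrets of `node10`.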

  • Jon McGuire commented

    @Amit, he specifically says "configuration repository" -- he isn't using it as a generic name/value database.

  • Amit Bapat commented

    Key Vault is designed for storing application secrets and cryptographic keys for cloud applications. It is not intended to be used as a name-value database and hence we are not planning to add features for such scenarios. If your application needs a large number of name<=>value pairs, consider using a database. You can also decide to encrypt the data stored in such a database for added security, and then store the encryption keys and connection string to your database in the Key Vault.
