laoluolapegba asked suvasara-MSFT edited

Azure Key Vault use case - Certificate Management for secure file encryption

Our use case is to use Azure Key Vault for managing certificates. The certificates will be issued by Entrust CA. The certificates will be used to encrypt and share sensitive files.
Is Azure Key Vault usable for this use case? Will it integrate with, or can, an external CA (Entrust) be used?
Will we be able to integrate our application with Azure Key Vault to share public keys for file encryption and request private certificates for decryption of the files?

azure-key-vault

1 Answer

suvasara-MSFT answered suvasara-MSFT edited

@laoluolapegba, yes, this integration is possible with Azure Key Vault. But the flow depends on the external CA. Azure Key Vault can be integrated with external CAs for generating private certs using private keys. Here are the two different flows involved, depending on the partnership.

1. Creating a certificate with a Certificate Authority that is partnered with Key Vault:

DigiCert and GlobalSign are officially partnered with Azure Key Vault, and here is how the cert creation flow takes place:
[image: certificate creation flow with a partnered CA]


Summary: Here, Key Vault communicates directly with the external partnered CA and creates the certificate.

2. Creating a certificate with a CA not partnered with Key Vault:

This method allows working with other CAs than Key Vault's partnered providers, meaning your organization can work with a CA of its choice.

[image: certificate creation flow with a non-partnered CA]



Summary: Here, Key Vault will not interact directly with the external CA; instead, your application sends the CSR (Certificate Signing Request) to the chosen CA and receives the certificate.


Ref: https://docs.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios


Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.









Many thanks for the quick response.
So since Entrust CA is not an Azure partner, we are left with the 2nd option - our application will integrate with the Entrust CA.
Unfortunately this presents the same hurdle we are trying to avoid (integrating our application with the CA).
We will have 2 integrations - 1. Entrust CA, 2. Azure Key Vault.
We may explore working with one of your partnered CAs, but before then, are there any other ideas?

Thanks


@laoluolapegba, we are trying to get more insights on this ask from the respective product team. We'll be right back.


@laoluolapegba, appreciate your patience. For now, there is no other option except migrating between the partnered solutions. Let us know if you have any queries.

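The non-partnered flow (option 2 in the answer above) as it would be typed into the Azure CLI, with a local check that the CA's certificate matches the CSR before it is merged; this is an added example, not code from the thread or from Microsoft, and the vault name, certificate name and file names are assumptions. The openssl part builds constructed local material (a key standing in for Key Vault's, and a throwaway test CA) so the check can be exercised offline.

```shell
# Added example for flow 2 (CA not partnered with Key Vault); not code from
# the thread or from Microsoft. Vault and certificate names are placeholders.
set -eu
VAULT="${VAULT:-kv-placeholder}"            # assumed vault name
CERT_NAME="${CERT_NAME:-file-encryption}"   # assumed certificate name

# Step 1: create a pending certificate with issuer "Unknown". Key Vault
# generates and keeps the private key; only the CSR leaves the vault.
request_csr() {
  local policy
  policy=$(az keyvault certificate get-default-policy \
             | sed 's/"name": "Self"/"name": "Unknown"/')   # issuerParameters.name
  az keyvault certificate create --vault-name "$VAULT" -n "$CERT_NAME" -p "$policy" >/dev/null
  # The pending operation exposes the CSR as base64 DER; wrap it as PEM for the CA.
  { echo "-----BEGIN CERTIFICATE REQUEST-----"
    az keyvault certificate pending show --vault-name "$VAULT" -n "$CERT_NAME" \
      --query csr -o tsv | fold -w 64
    echo "-----END CERTIFICATE REQUEST-----"; } > "$CERT_NAME.csr"
}
# Step 2 (out of band): send $CERT_NAME.csr to the CA and receive signed.cer.

# Step 3: check that the returned certificate is for the key Key Vault holds
# (same SHA-256 of the public key as the CSR) before merging. Key Vault
# rejects a mismatch too, but a local check flags a mixed-up file early.
csr_matches_cert() {   # usage: csr_matches_cert pending.csr signed.cer
  local csr_key cert_key
  csr_key=$(openssl req -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
  cert_key=$(openssl x509 -in "$2" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
  [ "$csr_key" = "$cert_key" ]
}
merge_signed_cert() {  # usage: merge_signed_cert signed.cer  (aborts on mismatch under set -e)
  csr_matches_cert "$CERT_NAME.csr" "$1"
  az keyvault certificate pending merge --vault-name "$VAULT" -n "$CERT_NAME" -f "$1"
}

# Constructed sample material (a local key standing in for Key Vault's and a
# throwaway test CA) so the pre-merge check can be exercised offline.
make_sample_material() {   # usage: make_sample_material DIR
  local d="$1"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/vault.key" -out "$d/pending.csr" \
    -subj "/CN=files.example" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
    -subj "/CN=Test CA" -days 1 2>/dev/null
  openssl x509 -req -in "$d/pending.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/signed.cer" -days 1 2>/dev/null
  # A certificate for a different key: the mismatch case the check must catch.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/other.key" -out "$d/other.cer" \
    -subj "/CN=files.example" -days 1 2>/dev/null
}
```

Only `request_csr` and `merge_signed_cert` touch Azure; `csr_matches_cert` needs nothing but openssl.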