node.js - Is symmetric encryption possible with Microsoft Azure Key Vault?


I would appreciate clarification and advice on the following:

My project requires me to use symmetric data encryption (using AES), in a Node.js environment, to secure data on a database (MongoDB). Ideally, as follows:

Store the symmetric key in Azure Key Vault as a key, and make 'encrypt' calls to the vault to perform AES encryption on the data with that key. The encrypted data is sent in the response to the app and stored in the database in encrypted form.

I am confused after reading MS Azure's documentation and related blog posts: some sources claim symmetric key encryption is supported, but there is no official documentation on this.

Can anyone advise whether this is an exhaustive list of the key types and algorithms supported by Azure's Key Vault? https://msdn.microsoft.com/en-us/library/azure/dn903623.aspx#bkmk_keytypes

It seems this may be an option (http://www.nuget.org/packages/microsoft.azure.keyvault.extensions) for environments on .NET. Any love for Node.js?

So, I'm asking: "Does MS Azure's Key Vault support symmetric (AES) key/encryption, and if so, is this officially documented?"

If indeed symmetric keys/encryption are not supported, can anyone offer an alternative means to the approach described above?

Thanks, appreciated.

I agree that the documentation/blogs seem a little confusing on this topic. My understanding is that Key Vault does not yet support symmetric encryption. I believe the closest you can get is storing symmetric keys as secrets and using them outside of the vault.

This article talks about doing such. See the section heading "Use Key Vault secrets".

I understand you are using Node.js and the example is in PowerShell, but I am trying to illustrate an example of symmetric encryption with a secret. The crypto operations happen outside the vault. So, at rest the keys are more secure, but they are exposed in memory anytime an operation occurs.

Hope this helps.

Here is an example in PowerShell of creating a secret in Key Vault that can be used as a SymmetricKey.

SymmetricKey sec = (SymmetricKey) cloudResolver.ResolveKeyAsync("https://contosokeyvault.vault.azure.net/secrets/testsecret2/", CancellationToken.None).GetAwaiter().GetResult();
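The approach described in this answer (the AES key is stored as a Key Vault secret and the cipher runs in the application), shown for Node.js as an added example that is not part of the original answer. Assumptions: the secret's value is the base64 encoding of a 32-byte key, AES-256-GCM is the chosen mode, the function names are hypothetical, and fetching the secret from the vault is not shown.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the secret's value (base64 of 32 random bytes).
// Assumption: in a real app this string is read from the Key Vault secret at
// startup and is never logged or written to the database.
const SAMPLE_SECRET_VALUE = crypto.randomBytes(32).toString('base64');

// Decode and validate the secret before using it as an AES-256 key.
function keyFromSecret(secretValue) {
  const key = Buffer.from(secretValue, 'base64');
  if (key.length !== 32) throw new Error('secret must decode to a 32-byte AES-256 key');
  return key;
}

// Encrypt one field. `aad` binds the ciphertext to its location (for example
// collection/id/field) so a stored value cannot be moved to another record.
// Returns base64 of: 12-byte IV || 16-byte auth tag || ciphertext.
function encryptField(key, plaintext, aad = '') {
  const iv = crypto.randomBytes(12); // fresh per message; never reuse with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt a stored field. Throws if the key, the aad or any stored byte differs.
function decryptField(key, stored, aad = '') {
  const buf = Buffer.from(stored, 'base64');
  if (buf.length < 28) throw new Error('stored value too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, buf.subarray(0, 12));
  decipher.setAuthTag(buf.subarray(12, 28));
  decipher.setAAD(Buffer.from(aad, 'utf8'));
  const pt = Buffer.concat([decipher.update(buf.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Usage with constructed sample data: the string in `stored` is what goes into MongoDB.
const key = keyFromSecret(SAMPLE_SECRET_VALUE);
const stored = encryptField(key, 'alice@example.com', 'users/42/email');
console.log(decryptField(key, stored, 'users/42/email'));
```

As the answer notes, the key is in process memory whenever this code runs, so the vault protects it at rest and in distribution only.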
