I would appreciate clarification and advice on the following:
My project requires me to use symmetric data encryption (using AES), in a NodeJS environment, to secure data on a database (MongoDB). Ideally, it would work as follows:
Store the symmetric key in Azure Key Vault as a key, and make 'encrypt' calls to the vault to perform the AES encryption on the data with the key. The encrypted data is then sent in the response to the app, and stored in the database in encrypted form.
I am confused after reading MS Azure's documentation and related blog posts: some sources claim symmetric key encryption is supported, but there is no official documentation on this.
Can anyone advise whether this is the exhaustive list of key types and algorithms supported by Azure's Key Vault? https://msdn.microsoft.com/en-us/library/azure/dn903623.aspx#bkmk_keytypes
It seems there may be an option (http://www.nuget.org/packages/microsoft.azure.keyvault.extensions) for environments on .NET. Any love for NodeJS?
So, I'm asking: does MS Azure's Key Vault support symmetric (AES) key/encryption, and if so, is it officially documented?
If indeed symmetric keys/encryption are not supported, can anyone offer an alternative means to the approach described above?
Thanks, appreciated.
I agree the documentation/blogs seem a little confusing on this topic. My understanding is that Key Vault does not yet support symmetric encryption. I believe the closest you can get is storing symmetric keys as secrets and using them outside of the vault.
This article talks about doing such. See the section with the heading "Use Key Vault secrets".
I understand you are using Node.js and the example is in PowerShell, but I am trying to illustrate an example of symmetric encryption with a secret. The crypto operations happen outside the vault. So, at rest the keys are more secure, but they are exposed in memory anytime an operation occurs.
Hope this helps.
Here is an example in PowerShell of creating a secret in Key Vault that can be used as a SymmetricKey.
    SymmetricKey sec = (SymmetricKey) cloudResolver.ResolveKeyAsync(
        "https://contosokeyvault.vault.azure.net/secrets/testsecret2/",
        CancellationToken.None).GetAwaiter().GetResult();
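
The approach described in the answer above (symmetric key held as a Key Vault secret, AES performed in the application) shown for Node.js. This is an added example, not part of the original answer or any Microsoft code. It assumes the secret value is a base64-encoded 32-byte key that the app has already fetched from the vault; the function names, the stored-document layout and the sample key are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample standing in for the base64 value of a Key Vault secret.
// Fetching it from the vault is out of scope here (assumption: done at startup).
const SAMPLE_SECRET_B64 = Buffer.alloc(32, 7).toString('base64');

// Decode the secret value and insist on a 32-byte AES-256 key.
function keyFromSecret(secretB64) {
  const key = Buffer.from(secretB64, 'base64');
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  return key;
}

// Encrypt one field. The secret version is stored with the ciphertext and
// bound as AAD, so a rotated key can be selected (and not swapped) on decrypt.
function encryptField(key, version, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per call
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(version, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    v: version,
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypt a stored field; throws if the version is unknown or the tag fails.
function decryptField(keysByVersion, doc) {
  const key = keysByVersion.get(doc.v);
  if (!key) throw new Error('unknown key version: ' + doc.v);
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(doc.iv, 'base64'));
  d.setAAD(Buffer.from(doc.v, 'utf8'));
  d.setAuthTag(Buffer.from(doc.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(doc.ct, 'base64')), d.final()]).toString('utf8');
}

// True when a modified ciphertext is rejected instead of silently decrypted.
function rejectsTampering(keysByVersion, doc) {
  const ct = Buffer.from(doc.ct, 'base64');
  ct[0] ^= 0x01;
  try {
    decryptField(keysByVersion, { ...doc, ct: ct.toString('base64') });
    return false;
  } catch (e) {
    return true;
  }
}
```

The object returned by `encryptField` is what would be written to MongoDB; only the vault secret, never the document, carries the key.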