Multiple environments, do I need Azure Key Vault for each environment?

I started getting this problem today when I try to use same secret for my second application in a single key vault;

Multiple resources/entities can access a single Key Vault instance – provided they’re all in the same location (data center).

You may choose to segment your keys, secrets and certificates, either by placing them in different Key Vaults or by using different access methods/identities, however that’s not necessary.

The only time you need a separate Key Vault instance is when the resources/entities accessing it are in another location (data center/region).

It’s worth noting that you don’t need to worry too much about provisioning Disaster Recovery for resources using Key Vault, as the SLA Microsoft provide is unsurprisingly good: https://docs.microsoft.com/en-gb/azure/key-vault/key-vault-disaster-recovery-guidance. One caveat to that would be if you’re running IaaS/PaaS instances and want to run a DR fail-over yourself to another data center, at which point you’d need to manually migrate the keys/secrets/certificates in your main Key Vault into another instance (and re-point your VMs accordingly)

Resources

https://docs.microsoft.com/en-us/answers/questions/77182/key-vault-for-multiple-app-service-should-i-create.html

https://docs.microsoft.com/en-us/azure/key-vault/general/best-practices

FavoriteLoadingAdd to favorites
Spread the love

Author: Shahzad Khan

Software developer / Architect