Design a sensitive information management strategy
In this post, I will share my study notes that I took while preparing for the exam Azure AZ400 “Design a sensitive information management strategy”.
Evaluate and configure vault solution (Azure Key Vault, Hashicorp Vault)
Azure Key Vault
Good practice is to create a separate vault for each deployment environment of each of your applications, such as development, test, and production. You can use a single vault to store secrets for multiple apps and environments, but the impact of an attacker gaining read access to a vault increases with the number of secrets in the vault.
A vault can be created via the Azure CLI using the az keyvault create command:
az keyvault create \
--resource-group learn-6f673cc1-2d87-4b75-87ff-b401bff65a4d \
--location centralus \
--name <your-unique-vault-name>
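The one-vault-per-environment practice described above can be scripted around the same create command. This is an added example, not code from the original post; the `<app>-<env>-kv` naming scheme, the environment list, and the `DRY_RUN` switch are assumptions, and the name check encodes Key Vault's naming rules (3-24 characters, letters, digits and hyphens, starting with a letter, ending with a letter or digit, no consecutive hyphens).

```shell
#!/usr/bin/env bash
# Added example: one Key Vault per application per deployment environment.
# The naming scheme and environment list are assumptions, not Azure requirements.

ENVIRONMENTS="dev test prod"

# Build "<app>-<env>-kv" in lower case, e.g. "payroll-dev-kv".
vault_name() {
  printf '%s-%s-kv' "$1" "$2" | tr '[:upper:]' '[:lower:]'
}

# Return 0 only if the name satisfies Key Vault naming rules.
valid_vault_name() {
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ] || return 1
  case "$1" in
    *--*)                 return 1 ;;  # consecutive hyphens
    *[!a-zA-Z0-9-]*)      return 1 ;;  # character outside the allowed set
    [a-zA-Z]*[a-zA-Z0-9]) return 0 ;;  # starts with letter, ends alphanumeric
    *)                    return 1 ;;
  esac
}

# Create one vault per environment for an app.
# Usage: create_env_vaults <app> <resource-group> <location>
# Set DRY_RUN=1 to print the az commands instead of running them.
create_env_vaults() {
  app="$1"; rg="$2"; location="$3"
  for stage in $ENVIRONMENTS; do
    name="$(vault_name "$app" "$stage")"
    if ! valid_vault_name "$name"; then
      echo "invalid vault name: $name" >&2
      return 1
    fi
    ${DRY_RUN:+echo} az keyvault create \
      --resource-group "$rg" --location "$location" --name "$name" || return 1
  done
}

# Example (constructed values): DRY_RUN=1 create_env_vaults payroll my-rg centralus
```

Keeping each environment in its own vault means a read-access compromise of the dev vault exposes only dev secrets, which is the blast-radius argument made above.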
A secret can be set using the az keyvault secret set command:
az keyvault secret set \
--name SecretPassword \
--value reindeer_flotilla \
--vault-name <your-unique-vault-name>
Access control for an Azure Key Vault is configurable for both the management plane and the data…