Ensure Application Access to Azure Key Vault | Exam AZ-500

Grant Application Access to Secret1 in Azure Key Vault

Question

You have an Azure subscription that contains an Azure key vault named Vault1.

In Vault1, you create a secret named Secret1.

An application developer registers an application in Azure Active Directory (Azure AD).

You need to ensure that the application can use Secret1.

What should you do?

Answers

Explanations


A. In Azure AD, create a role.
B. In Azure Key Vault, create a key.
C. In Azure Key Vault, create an access policy.
D. In Azure AD, enable Azure AD Application Proxy.

A

Azure Key Vault provides a way to securely store credentials and other keys and secrets, but your code needs to authenticate to Key Vault to retrieve them.

Managed identities for Azure resources makes solving this problem simpler, by giving Azure services an automatically managed identity in Azure Active Directory (Azure AD). You can use this identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without having any credentials in your code.

Example: How a system-assigned managed identity works with an Azure VM

After the VM has an identity, use the service principal information to grant the VM access to Azure resources. To call Azure Resource Manager, use role-based access control (RBAC) in Azure AD to assign the appropriate role to the VM service principal. To call Key Vault, grant your code access to the specific secret or key in Key Vault.

https://docs.microsoft.com/en-us/azure/key-vault/quick-create-net

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

The correct answer is C. In Azure Key Vault, create an access policy.

Explanation:

Azure Key Vault is a cloud service that allows you to securely store and manage cryptographic keys, secrets, and certificates. Access to these resources can be granted to users, groups, and applications using Azure AD. To enable an application to use a secret in Azure Key Vault, you need to create an access policy that grants the necessary permissions to the application.

Here are the steps to create an access policy for an application in Azure Key Vault:

  1. Go to the Azure portal and navigate to your key vault (Vault1 in this case).
  2. Select the "Access policies" menu option in the left-hand menu.
  3. Click on the "Add Access Policy" button.
  4. In the "Configure from template" section, select "Secret Management".
  5. In the "Select principal" section, search for and select the application that needs access to Secret1.
  6. In the "Select permissions" section, select the "Get" and "List" permissions for secrets.
  7. Click on the "Add" button to save the access policy.

After you have created the access policy, the application will be able to authenticate to Azure AD and access the secret in the Azure Key Vault.

Option A (In Azure AD, create a role) is not correct because creating a role in Azure AD does not provide access to a specific resource like a secret in Azure Key Vault.

Option B (In Azure Key Vault, create a key) is not correct because creating a key is not necessary for granting access to a secret. In fact, creating a key is a different type of operation that is used for managing cryptographic keys.

Option D (In Azure AD, enable Azure AD Application Proxy) is not correct because Azure AD Application Proxy is a service that enables remote access to on-premises web applications. It is not related to granting access to resources in Azure Key Vault.
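The seven portal steps above can be done from the command line as well. The following Az PowerShell script is an added example and is not part of the original question or either explanation; it assumes the Az module is installed, that Connect-AzAccount has already been run by a user allowed to manage Vault1's access policies, and that the placeholder application (client) ID is replaced with the developer's real app registration ID.

```powershell
# Added example (not from the original page). Assumes the Az PowerShell module and an
# existing Connect-AzAccount session with rights to manage access policies on Vault1.
$VaultName  = 'Vault1'
$SecretName = 'Secret1'
$AppId      = '00000000-0000-0000-0000-000000000000'   # placeholder: the app registration's Application (client) ID

# 1. Resolve the service principal that the app registration created in this tenant.
#    An access policy is bound to that object's ID, not to the application object itself.
$sp = Get-AzADServicePrincipal -ApplicationId $AppId
if (-not $sp) {
    throw "No service principal found for application $AppId. Create one with: New-AzADServicePrincipal -ApplicationId $AppId"
}

# 2. Grant only what a consumer of Secret1 needs: Get (read the value) and List (enumerate names).
#    Set, Delete and Purge stay out of the policy; the app never needs to modify the secret.
Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ObjectId $sp.Id -PermissionsToSecrets get, list

# 3. Verify the policy landed on the vault with exactly the intended permissions.
$policy = (Get-AzKeyVault -VaultName $VaultName).AccessPolicies |
    Where-Object { $_.ObjectId -eq $sp.Id }
if (-not $policy) {
    throw "Access policy for object $($sp.Id) was not found on $VaultName"
}
"Secret permissions granted to '$($sp.DisplayName)': $($policy.PermissionsToSecrets -join ', ')"

# 4. Confirm the secret the app will read actually exists (this call uses the
#    signed-in user's own permissions, not the application's).
$null = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName
"Secret '$SecretName' is present in $VaultName"
```

Two points worth checking after running it. First, the policy is keyed on the service principal's object ID, so an app registration that has no service principal in the tenant yet (the script throws in that case) cannot be granted access until one is created. Second, access policies are only evaluated when the vault's permission model is set to "Vault access policy"; a vault switched to the Azure RBAC permission model ignores them, and the equivalent grant there is a role assignment such as Key Vault Secrets User scoped to the vault or secret.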