Hey everyone! As you may know, Azure Private Link is the new security toy, and it covers many Azure services. I have already written some articles about it:
- Securely access to the Azure App Service using Private Link
- Deliver and Export an Azure SQL Database securely with Azure Private Link
- Access to a Storage Account using the Private Link
- Automate Azure Private Link using ARM Templates
In this article, it is the turn of Azure Key Vault! Azure Key Vault is covered by Private Link too, and the feature is GA. So how can we deliver secrets using the private IP address?
Let's assume that you are working in an environment where security matters. In other words, your company has a private network, and to add secrets to Azure Key Vault it has to disable the proxies that go to the internet and reach the Key Vault through a resolvable private IP address.
Creation of Azure Key Vault and Azure Private Link
First, create a Virtual Network, then create a Key Vault with a private endpoint:
Your Key Vault now has a private IP address.
Set a secret through the Private IP using the REST API
Now that the Key Vault has a resolvable private IP address, the script below connects to Azure and then gets the access token through the proxy. After that, since we are using Private Link, we no longer need the proxy to communicate with the Key Vault, because it has a private IP.
Note: Don't forget to set the DNS!
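The flow described above and the DNS note, as an added Python example (not the original script from this article): the token is requested through the proxy, the vault name is checked for private resolution, and the secret is then sent with the proxy bypassed. The service principal sign-in, the proxy URL, the vault and secret names, and the RFC 1918 address space of the VNet are assumptions.

```python
import ipaddress, json, socket, urllib.parse, urllib.request

API_VERSION = "7.4"  # Key Vault data-plane REST API version
# Assumption: the VNet hosting the private endpoint uses RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolves_privately(addresses):
    """True only if every resolved address is private, i.e. the private DNS zone is in effect."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    return bool(ips) and all(any(ip in net for net in RFC1918) for ip in ips)

def resolve(host):
    """Addresses the local resolver returns for the vault hostname."""
    return sorted({i[4][0] for i in socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)})

def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials token request scoped to Key Vault (public endpoint)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://vault.azure.net/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=body, method="POST")

def build_set_secret_request(vault_host, name, value, token):
    """PUT /secrets/{name} on the vault, authenticated with the bearer token."""
    url = f"https://{vault_host}/secrets/{urllib.parse.quote(name, safe='')}?api-version={API_VERSION}"
    return urllib.request.Request(
        url, data=json.dumps({"value": value}).encode(), method="PUT",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})

def set_secret(vault_host, name, value, tenant_id, client_id, client_secret, proxy_url):
    # 1. Token: login.microsoftonline.com is public, so this call goes through the proxy.
    via_proxy = urllib.request.build_opener(urllib.request.ProxyHandler({"https": proxy_url}))
    with via_proxy.open(build_token_request(tenant_id, client_id, client_secret), timeout=30) as r:
        token = json.load(r)["access_token"]
    # 2. DNS: refuse to send the token if the vault name does not resolve to a private IP.
    addresses = resolve(vault_host)
    if not resolves_privately(addresses):
        raise RuntimeError(f"{vault_host} resolves to {addresses}; check the private DNS zone")
    # 3. Secret: an empty ProxyHandler ignores HTTPS_PROXY, so traffic stays on the private endpoint.
    direct = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with direct.open(build_set_secret_request(vault_host, name, value, token), timeout=30) as r:
        return json.load(r)["id"]
```

Call set_secret with the vault's hostname (for example myvault.vault.azure.net, a placeholder) from a machine inside the private network; the DNS check fails closed when the name still resolves to the public endpoint.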