Azure Key Vault Integration

00:00

as your policy has built in policies that manage keys and certificates in azure key vault.

00:06

Let's look at what those are.

00:08

Here is the list of the available policy definitions for azure key vault,

00:13

the first one you can leverage to manage the certificate validity period of certificates stored in key vault.

00:19

You would like to restrict how long certificate is valid to avoid issuing long live certificates that can compromise security.

00:26

The next built in policy relates to the key types that are allowed.

00:30

You would like to use stronger key generation algorithms like R S A and E C C and, if possible, be backed up by ah hardware security module

00:39

managing certificate. Lifetime action triggers allows you to limit the actions allowed on a certificate

00:45

based on the time remaining toe expiration.

00:48

Managing certificates issued by an integrated CIA or certificate authority allows you to specify what integrated certificate authorities can be used to issue the certificate.

00:58

This policy also allows you to restrict the issuance of self signed certificate.

01:03

There is also policies that allow you to manage the curve names used by issuing elliptical curve cryptography certificates.

01:10

You can also have a policy that specifies the minimum key length for RSA certificates.

01:15

And last but not least, you can monitor certificates that are approaching expiration.

01:21

This will help you prioritize the certificates that need to be renewed.