Enhancing security
As we have seen throughout this book, access to DocumentDB is provided by supplying a URI and a key. Microsoft Azure offers the capability to move your secrets away from your application and into Azure Key Vault. Azure Key Vault helps to protect cryptographic keys, secrets, and other information you want to store in a safe place outside your application boundaries (connection strings are also good candidates). Key Vault can help us to protect the DocumentDB URI and its key.
Note
DocumentDB has no (in-place) encryption feature at the time of writing, although a lot of people have already asked for it to be on the roadmap.
Creating and configuring Key Vault
Before we can use Key Vault, we need to create and configure it first. The easiest way to achieve this is by using PowerShell cmdlets. Please visit https://msdn.microsoft.com/en-us/mt173057.aspx to read more about PowerShell.
The following PowerShell cmdlets demonstrate how to set up and configure a Key Vault:
|
Command |
Description... |
|---|
