Azure Key Vault: Rotation Policies

Static, long-lived secrets are a liability. If a developer checks a connection string into GitHub, whoever finds it has the same access as the application for as long as that credential stays valid. Rotation does not undo the leak, but it bounds how long a leaked value keeps working, and that is what Key Vault rotation policies give you.

Automated Rotation

Azure Key Vault does not reset the downstream credential itself. For secrets it publishes a `Microsoft.KeyVault.SecretNearExpiry` event to Event Grid when a secret version approaches its expiry date, and you wire up the rest. A typical pipeline for a SQL Server password looks like this:

  • Key Vault raises the `SecretNearExpiry` event for the secret.
  • An Event Grid subscription routes the event to an Azure Function.
  • The Function generates a new password and resets the login on SQL Server (`ALTER LOGIN ... WITH PASSWORD`).
  • The Function writes the new password back to Key Vault as a new version of the secret, with a fresh expiry date.

Two details matter in practice: the event only fires for secret versions that have an expiry set, so every new version the Function writes must carry one, and the application has to pick up the new version (re-read the secret when a login fails, or subscribe to the `SecretNewVersionCreated` event).
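The rotation step of that Function, as an added example that is not code from the original post or from Microsoft: the SQL and Key Vault calls are injected as callables so the logic runs offline against in-memory stand-ins. In a real Function the two callables would wrap pyodbc and `azure.keyvault.secrets.SecretClient.set_secret`. The event payload is a constructed sample in the shape of the Key Vault Event Grid schema (the `data` field names are assumed from that schema), and the vault, secret and login names are invented.

```python
"""Rotation handler for the SecretNearExpiry -> Function -> ALTER LOGIN -> Key Vault flow.

Added example, not the page's or Microsoft's code. The SQL and Key Vault steps are
injected so the logic runs offline; field names in the event payload are assumed
from the Key Vault Event Grid schema.
"""
import secrets
import string
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

ROTATION_EVENT = "Microsoft.KeyVault.SecretNearExpiry"
ROTATION_PERIOD = timedelta(days=30)
PASSWORD_LEN = 32
# Letters, digits and a few symbols; quotes, brackets and ';' are left out on purpose
# because the password ends up inside a T-SQL literal and a connection string.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!#$%^&*-_=+"

# Constructed sample event (not captured from a real vault); shape follows the
# Key Vault Event Grid schema as assumed here.
SAMPLE_EVENT = {
    "id": "11111111-2222-3333-4444-555555555555",
    "subject": "app-sql-password",
    "eventType": "Microsoft.KeyVault.SecretNearExpiry",
    "data": {
        "Id": "https://kv-app.vault.azure.net/secrets/app-sql-password/0123abcd",
        "VaultName": "kv-app",
        "ObjectType": "Secret",
        "ObjectName": "app-sql-password",
        "Version": "0123abcd",
    },
}


def new_password(length: int = PASSWORD_LEN) -> str:
    """CSPRNG password that satisfies SQL Server complexity: upper, lower, digit, symbol."""
    while True:
        pw = "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw)):
            return pw


def alter_login_sql(login: str, password: str) -> str:
    """ALTER LOGIN is DDL, so the password cannot be a bound parameter and must be quoted
    by hand: the login name is bracket-quoted with ']' doubled, the password is an
    N'...' literal with single quotes doubled."""
    safe_login = login.replace("]", "]]")
    safe_pw = password.replace("'", "''")
    return f"ALTER LOGIN [{safe_login}] WITH PASSWORD = N'{safe_pw}';"


def parse_rotation_event(event: dict) -> tuple:
    """Return (vault_name, secret_name) from a SecretNearExpiry event; reject anything else
    so a mis-routed SecretNewVersionCreated event cannot trigger a second rotation."""
    if event.get("eventType") != ROTATION_EVENT:
        raise ValueError(f"unexpected event type {event.get('eventType')!r}")
    data = event["data"]
    if data.get("ObjectType") != "Secret":
        raise ValueError("rotation handler only handles secrets")
    return data["VaultName"], data["ObjectName"]


def rotate(event: dict,
           run_sql: Callable[[str], None],
           set_secret: Callable[[str, str, str, datetime], None],
           login_for_secret: Callable[[str], str],
           now: Optional[datetime] = None) -> dict:
    """One rotation. Order matters: reset the login first, then publish the value.
    Writing Key Vault first would let the app read a password SQL does not accept yet."""
    vault, secret_name = parse_rotation_event(event)
    login = login_for_secret(secret_name)
    pw = new_password()
    run_sql(alter_login_sql(login, pw))
    expires = (now or datetime.now(timezone.utc)) + ROTATION_PERIOD
    set_secret(vault, secret_name, pw, expires)  # new version, new expiry -> next event
    return {"vault": vault, "secret": secret_name, "login": login,
            "expires": expires.isoformat()}


class FakeSqlServer:
    """In-memory stand-in for the pyodbc step; records the statements it would run."""
    def __init__(self):
        self.statements = []

    def execute(self, sql: str) -> None:
        self.statements.append(sql)


class FakeVault:
    """In-memory stand-in for SecretClient.set_secret; newest version is last."""
    def __init__(self):
        self.versions = {}

    def set_secret(self, vault: str, name: str, value: str, expires: datetime) -> None:
        self.versions.setdefault(name, []).append((value, expires))


def demo_rotation():
    """Run one rotation against the fakes at a fixed clock; returns the pieces for inspection."""
    sql, vault = FakeSqlServer(), FakeVault()
    fixed_now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    result = rotate(SAMPLE_EVENT, sql.execute, vault.set_secret,
                    login_for_secret=lambda name: "app_user", now=fixed_now)
    return sql, vault, result


if __name__ == "__main__":
    sql, vault, result = demo_rotation()
    print(sql.statements[0])
    print(result)
```

Because `ALTER LOGIN` cannot take a bound parameter, the password is the one place where string building into SQL is unavoidable; the example limits the alphabet and still escapes, and never logs the statement. Do not let the Function retry blindly: if the SQL step succeeds and the vault write fails, a retry would generate a second password and the vault would never hold the live one, so treat that case as an alert rather than a loop.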

The result is a “nobody knows the password” posture: the Function generates the value, no human ever types it, and it changes every 30 days automatically. It is not strictly “Zero Standing Privileges”, though. The password is still a standing credential, only a short-lived one, and anyone who can read the secret (the Key Vault Secrets User role, or get permission on a legacy access policy) still has it, so rotation only pays off when paired with tight RBAC on the vault and audit logging of who reads the secret.

