KeyVault Access:
With public access disabled for an Azure Key Vault, a private endpoint (privatelink.vaultcore.azure.net) can be created for the vault. The vault is then accessible from VMs within the same virtual network and subnet as the Key Vault private link's virtual network and subnet.
Azure Key Vault can be accessed publicly (from outside Azure) when allow public networks is enabled under Networking.
Azure Key Vault access can be limited to certain virtual networks by allowing public networks only from specified, different virtual networks.
Links: https://learn.microsoft.com/en-gb/azure/key-vault/general/private-link-service?tabs=portal
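To check which of the three modes above a vault is actually in, the following added example (not from the linked documentation) classifies the network properties as they appear in the `properties` object of `az keyvault show` output. The vault names and subnet ID are constructed sample values, and the mode labels are my own.

```python
# Added example: sample data is constructed, shaped like `az keyvault show --query properties`.
SUBNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
          "/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/snet-app")
SAMPLE_VAULTS = {
    "kv-private": {
        "publicNetworkAccess": "Disabled",
        "networkAcls": {"defaultAction": "Deny", "virtualNetworkRules": [], "ipRules": []},
        "privateEndpointConnections": [
            {"privateLinkServiceConnectionState": {"status": "Approved"}}],
    },
    "kv-open": {
        "publicNetworkAccess": "Enabled",
        "networkAcls": None,  # no ACLs configured
        "privateEndpointConnections": None,
    },
    "kv-vnet": {
        "publicNetworkAccess": "Enabled",
        "networkAcls": {"defaultAction": "Deny",
                        "virtualNetworkRules": [{"id": SUBNET}], "ipRules": []},
        "privateEndpointConnections": None,
    },
}


def classify(props):
    """Return which of the access modes described above a vault is in."""
    acls = props.get("networkAcls") or {}
    # Assumption: a missing value means the platform default (public enabled, default Allow).
    public = (props.get("publicNetworkAccess") or "Enabled").lower() == "enabled"
    default_allow = (acls.get("defaultAction") or "Allow").lower() == "allow"
    has_rules = bool(acls.get("virtualNetworkRules") or acls.get("ipRules"))
    approved_pe = any(
        (c.get("privateLinkServiceConnectionState") or {}).get("status") == "Approved"
        for c in props.get("privateEndpointConnections") or [])
    if public and default_allow:
        return "public-all-networks"
    if public and has_rules:
        return "selected-networks"
    return "private-endpoint-only" if approved_pe else "no-network-path"


def publicly_reachable(vaults):
    """Names of vaults that accept traffic from any network, for review."""
    return sorted(n for n, p in vaults.items() if classify(p) == "public-all-networks")


if __name__ == "__main__":
    for name, props in SAMPLE_VAULTS.items():
        print(f"{name}: {classify(props)}")
```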
Kubernetes & KeyVault:
Azure Key Vault can be accessed from a Kubernetes cluster by enabling "Enable secret store CSI driver" on the "Advanced" tab while creating the AKS cluster. After enabling this, you can define an Azure Key Vault in a network accessible by the cluster.
https://azure.github.io/secrets-store-csi-driver-provider-azure/docs/demos/standard-walkthrough/