I am amazed how deep you are going in your explanation. As a professional I always check different resources, read and view online resources to get the full picture, but you, my friend, had the power to put all that effort in one video and it was super clear. 2 thumbs up and hat off.
I know this is an older video but I was just asked to look at Azure Key Vault as a replacement for some on-premises solutions. This video helped immensely. Your videos are just stellar.
Agreed with others, I love how you don't just list key points but I get value out of how they are all connected. Your visual notes are very solid. I watch your videos a few times. Once to hear it without distraction, once to take notes, and then I'm able to pull it all together for real learning. Absolutely Brilliant!
Stumbled on your channel early last year and passed Azure exams 900, 500, 104, 303 and 304 by the end of 2021 - thanks to you... Keep up the excellent work... Thanks and regards
John, you are absolutely my go-to person on Azure. You are a great teacher. Coming from AWS I have found your resources invaluable. Thank you and keep up the fantastic work. You truly are the hardest worker in the room ;-)
Thanks for this great content. You are criminally under-subscribed. I'm working on AZ-500 with some coworkers and I've recommended they watch your vids.
Every single time before I deploy something in Azure I make sure to see if you have a video about the topic, since an hour's time with one of your videos saves me countless hours reading other blogs online.
What a legend, finally understood Key Vault. Everyone has this complicated idea of explaining the basic concepts using PowerShell; however, Savill, you explained in simple terms and using the Azure console. Great job once again, champ.
Thank you for all the effort you put into this and your other videos. It's helping me grow my Azure knowledge and by extension my career immensely! :) Really appreciate it.
Amazing timing, I'm studying for AZ-500 and was hoping John Savill does a video on AKV :) Appreciate the very clear and detailed review in each of your videos. Thank you!
Excellent video! At 34:31, found that interesting. It's the exact thing I have been struggling with. I have a Spring Boot App which is deployed into an AZ App Service. We use AAD OpenId connect to authenticate etc... but when developing and testing on localhost, I store client id, tenant id and secret as standard Windows env variables. These are then picked up automatically by DefaultCredentialBuilders in code to authenticate to App Config and Key Vault. When deployed in AZ, I use an MSI on the app service, and the same DefaultCredentialBuilders pick up the MSI to authenticate to the same app config and key vault.
I like your explanations on most complex topics here. Especially the way you stitch the pieces one by one and give a whole concept to us unconsciously. One little piece I'd like to understand: the management plane and data plane access of Key Vault. What is it?
Great video, very informative as always :) The colors (saturation?) made the whiteboard a little hard to read this time? I can't remember noticing it before.
Hi John, it was a great explanation. I have been looking at Key Vault and this video cleared some questions I had. I still have one particular question that I could not find anywhere in the official documentation. Does AKV support key hierarchy? Say I have the BYOK approach where the customer key is at the very top of the hierarchy. And I want to use it to wrap other keys stored in Key Vault (say these keys would be on Level 2, I should have full control of them, and be protected by the root key). Is that possible?
Think of the control plane as things happening regarding the management of the Azure resource. Creating a resource, modifying a resource, deleting, i.e. ARM. The data plane is more about the functionality of the actual service and its specific interactions such as accessing data in a storage account, running a query against a database or getting a secret from a key vault.
Hi, regarding the key rotation, for encryption-related services, like Az Storage, what will it do with the existing data which were encrypted using the old key? And when the old key is deleted from the vault, how can it decrypt those data?
I'm afraid I didn't understand the idea of best practice "purge protection"=ON. If I were an attacker with enough permissions I would not care about purge protection and instead would just delete the complete keyvault-RESOURCE? Do I miss something? Thanks for insights. And yes, your videos are OUTSTANDING! Thank you so much for that "give back" mindset!
OK, sure, I missed that comment on creation: "To enforce a mandatory retention period and prevent the permanent deletion of key vaults or secrets prior to the retention period elapsing, you can turn on purge protection." --> makes sense that delete of resource is blocked when purge protection is activated ;)
Thanks a lot John for such a nice and informative video on Key Vault. It is very helpful. Can you please let me know regarding my below question. "Normally in actual web applications we need to keep various environments for testing our app, like DEV, QA, UAT and Prod. So my question is what will be the recommended solution if I want to use KeyVault for storing secrets and app settings with AppService. Is it recommended to have a separate Key Vault for each environment, like KeyVault for DEV, KeyVault for QA, KeyVault for UAT or KeyVault for PROD, or is it fine to use different versions of secrets per environment?"
Thanks a lot John for the reply. So do you mean as a best practice it is common to keep key vaults per environment and on top of that go for RBAC mode instead of access policy to get more flexibility? Please advise.