A Key Management Service (KMS) is vitally important for secure hosting and cryptography services: it lets you encrypt and protect sensitive client PII with managed keys. Hydrogen integrates the major cloud-based KMS solutions into our integration framework, making them compatible with both our Atom centralized fintech library and our Molecule decentralized library.
Microsoft offers a key management service on Azure named Key Vault. Key Vault can manage credentials, keys, and other secrets in a secure environment, with the option to additionally store secrets in a hardware security module (HSM) managed by Microsoft.
SETUP FOR MICROSOFT AZURE KEY VAULT WITH HYDROGEN
To create a Key Vault in Microsoft Azure, please follow the instructions below:
1. Download the Azure CLI, open your terminal and run:
2. Create a service principal for your app.
az ad sp create --id 00000000-0000-0000-0000-000000000000
3. Create resource group
az group create --name "HydrogenResourceGroup" --location eastus
4. Create Key Vault
az keyvault create --name "HydrogenVault" --resource-group "HydrogenResourceGroup" --location eastus
5. Set an access policy for your service principal (SPN). The service principal identifies the application to which you grant permissions; the policy below grants it only the decrypt and sign key permissions.
az keyvault set-policy --name "HydrogenVault" --spn 00000000-0000-0000-0000-000000000000 --key-permissions decrypt sign
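The five steps above, wrapped into one script as an added example (this is not Hydrogen's own setup script). It keeps the resource names and the placeholder application id from the steps above as assumed defaults, validates the SPN id before granting anything, and keeps the key permissions to the two named in step 5. Setting AZ=echo prints the commands instead of calling Azure, which is how you can review the exact policy you are about to apply.

```shell
#!/usr/bin/env sh
# Added example, not Hydrogen's own script. Names below are assumptions taken
# from the steps above; replace APP_ID with your application's real id.
set -eu

AZ="${AZ:-az}"                  # set AZ=echo to dry-run without calling Azure
APP_ID="${APP_ID:-00000000-0000-0000-0000-000000000000}"
RG="${RG:-HydrogenResourceGroup}"
VAULT="${VAULT:-HydrogenVault}"
LOCATION="${LOCATION:-eastus}"

# Reject anything that is not a GUID so a typo cannot grant the access policy
# to an unintended principal.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# The only key permissions the application gets: decrypt and sign (step 5).
# Keeping the list in one place prevents later edits from silently widening it.
key_permissions() { printf '%s' "decrypt sign"; }

# Runs steps 2 to 5 in order; stops at the first failure because of set -e.
setup_vault() {
  if ! is_guid "$APP_ID"; then
    echo "APP_ID is not a GUID: $APP_ID" >&2
    return 1
  fi
  $AZ ad sp create --id "$APP_ID"
  $AZ group create --name "$RG" --location "$LOCATION"
  $AZ keyvault create --name "$VAULT" --resource-group "$RG" --location "$LOCATION"
  # word-splitting of the permission list into separate arguments is intended
  $AZ keyvault set-policy --name "$VAULT" --spn "$APP_ID" --key-permissions $(key_permissions)
}

# Only act when explicitly asked, so sourcing the file just defines the functions.
if [ "${1:-}" = "run" ]; then
  setup_vault
fi
```

Run `sh setup_vault.sh run` after `az login`; run `AZ=echo sh setup_vault.sh run` first to see the four commands, including the exact `--key-permissions` list, without touching the subscription.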