articles/key-vault/general/best-practices.md
Lines changed: 4 additions & 4 deletions
@@ -18,7 +18,7 @@ Azure Key Vault safeguards encryption keys and secrets like certificates, connec
18
18
19
19
## Use separate key vaults
20
20
21
-
Our recommendation is to use a vault per application per environment (development, pre-production, and production), per region. Granular isolation helps you not share secrets across applications, environments and regions, and it also reduce the threat if there is a breach.
21
+
Our recommendation is to use a vault per application per environment (development, preproduction, and production), per region. Granular isolation helps you not share secrets across applications, environments and regions, and it also reduce the threat if there is a breach.
22
22
23
23
### Why we recommend separate key vaults
24
24
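Review bot: The rewritten line 21 still carries a subject-verb error, "it also reduce the threat if there is a breach", and it omits the serial comma in "applications, environments and regions" while a later hunk in this same commit adds one to "operators, administrators, and other user accounts". Since the line is already being touched, suggest "applications, environments, and regions, and it also reduces the threat if there is a breach". The parenthetical lists three environments but the sentence never says whether "per region" applies to all of them; a short clarification would help readers plan how many vaults they need.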
@@ -31,7 +31,7 @@ Encryption keys and secrets like certificates, connection strings, and passwords
31
31
Recommendations for controlling access to your vault are as follows:
32
32
- Lock down access to your subscription, resource group, and key vaults using role-based access control (RBAC) permission model for data plane.
33
33
- Assign RBAC roles at Key Vault scope for applications, services, and workloads requiring persistent access to Key Vault
34
-
- Assign just-in-time eligible RBAC roles for operators, administrators and other user accounts requiring privileged access to Key Vault using [Privileged Identity Management (PIM)](../../active-directory/privileged-identity-management/pim-configure.md)
34
+
- Assign just-in-time eligible RBAC roles for operators, administrators, and other user accounts requiring privileged access to Key Vault using [Privileged Identity Management (PIM)](../../active-directory/privileged-identity-management/pim-configure.md)
35
35
- Require at least one approver
36
36
- Enforce multi-factor authentication
37
37
- Restrict network access with [Private Link](private-link-service.md), [firewall and virtual networks](network-security.md)
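Review bot: The context bullet on line 32 mixes scopes: "Lock down access to your subscription, resource group, and key vaults using role-based access control (RBAC) permission model for data plane". Subscription and resource group access is a management-plane concern, so tying all three to the data-plane permission model reads as a conflation, and the phrase is also missing its articles ("the ... permission model for the data plane"). Suggest splitting it into one bullet about restricting management-plane access at subscription and resource group scope and one about using the RBAC permission model for data-plane access to the vault. The comma fix on line 34 is fine, but line 33 ends without the object being clear on which roles are meant; the visible lines do not name any role, so a link to the role list would make the bullet actionable.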
@@ -42,7 +42,7 @@ Recommendations for controlling access to your vault are as follows:
42
42
43
43
Turn on purge protection to guard against malicious or accidental deletion of the secrets and key vault even after soft-delete is turned on.
44
44
45
-
For more information, see [Azure Key Vault soft-delete overview](soft-delete-overview.md)
45
+
For more information, see [Azure Key Vault soft-delete overview](soft-delete-overview.md).
46
46
47
47
## Turn on logging
48
48
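Review bot: The context sentence on line 43 is ambiguous about what purge protection adds: "to guard against malicious or accidental deletion of the secrets and key vault even after soft-delete is turned on" can be read as deletion happening because soft-delete is on. Suggest stating the relationship directly, for example that soft-delete alone still allows a deleted vault or object to be purged, and purge protection blocks that purge until the retention period ends. The added period on line 45 is correct and matches the same fix applied to the backup link later in the file.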
@@ -52,7 +52,7 @@ For more information, see [Azure Key Vault soft-delete overview](soft-delete-ove
52
52
53
53
Purge protection prevents malicious and accidental deletion of vault objects for up to 90 days. In scenarios, when purge protection is not a possible option, we recommend backup vault objects, which can't be recreated from other sources like encryption keys generated within the vault.
54
54
55
-
For more information about backup, see [Azure Key Vault backup and restore](backup.md)
55
+
For more information about backup, see [Azure Key Vault backup and restore](backup.md).
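Review bot: The context sentence on line 53 needs a grammar pass while this paragraph is open: "In scenarios, when purge protection is not a possible option, we recommend backup vault objects, which can't be recreated from other sources like encryption keys generated within the vault." As written, "which can't be recreated" applies to all vault objects and "like encryption keys" attaches to "other sources". Suggest "When purge protection is not an option, we recommend backing up vault objects that can't be recreated from other sources, such as encryption keys generated within the vault." The phrase "for up to 90 days" in the preceding sentence would also benefit from saying that the period is the configured retention period, if that is what is meant.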