Update Key Vault documentation #25039

Closed
2 tasks done
vcolin7 opened this issue Jun 30, 2022 · 1 comment · Fixed by #25602
vcolin7 commented Jun 30, 2022

We need to update the Key Vault documentation in a few places:

  • Authentication in Samples: Our samples should show the use of Managed Identity instead of Service Principals with Client Secrets as the default authentication method. We can still show how to use the former for scenarios where the use of Managed Identity is not possible.
  • Cryptographic operations using CBC and CBCPAD: We should make it clear that there are some considerations to have when using these algorithms for local cryptographic operations using our clients:
    • We should add a notice similar to the following:

      Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using an HMAC, for example. See https://docs.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.

    • When it comes to a user-provided IV, we should make it clear that if they pass their own IV, they need to make sure they use a cryptographically random, non-repeating IV. Here's an example:

      Optional initialization vector (IV). If you pass your own IV, make sure you use a cryptographically random, non-repeating IV. If null, a cryptographically random IV will be chosen using {RandomNumberGenerator | whatever cryptorng your language provides}.

@vcolin7 vcolin7 added Docs KeyVault Client This issue points to a problem in the data-plane of the library. labels Jun 30, 2022
@vcolin7 vcolin7 added this to the 2022-08 milestone Jun 30, 2022

vcolin7 commented Jul 19, 2022

You can refer to this Java PR for the second item (CBC crypto).
