/Key%20Vault%20(Implementing%20Secure%20Data%20by%20setting%20up%20Always%20Encrypted).jpg)
Key Vault (Implementing Secure Data by setting up Always Encrypted)
About this guide
Lab Scenario
You have been asked to create a proof of concept application that makes use of the Azure SQL Database support for Always Encrypted functionality. All of the secrets and keys used in this scenario should be stored in Key Vault. The application should be registered in Microsoft Entra ID in order to enhance its security posture. To accomplish these objectives, the proof of concept should include:
- Creating an Azure Key Vault and storing keys and secrets in the vault.
- Create a SQL Database and encrypting content of columns in database tables by using Always Encrypted.
Lab Objectives
Exercise 1: Deploy the base infrastructure from an ARM template
- Task 1: Deploy an Azure VM and an Azure SQL database
Exercise 2: Configure the Key Vault resource with a key and a secret
- Task 1: Create and configure a Key Vault
- Task 2: Add a key to the Key Vault
- Task 3: Add a secret to the Key Vault
Exercise 3: Configure an Azure SQL database and a data-driven application
- Task 1: Enable a client application to access the Azure SQL Database service.
- Task 2: Create a policy allowing the application access to the Key Vault.
- Task 3: Retrieve SQL Azure database ADO.NET Connection String
- Task 4: Log on to the Azure VM running Visual Studio 2019 and SQL Management Studio 19
- Task 5: Create a table in the SQL Database and select data columns for encryption
Exercise 4: Demonstrate the use of Azure Key Vault in encrypting the Azure SQL database
- Task 1: Run a data-driven application to demonstrate the use of Azure Key Vault in encrypting the Azure SQL database
Key Vault Diagram
/Key%20Vault%20-%20Solution%20Diagram.png)
Job Skills
The Cloudguides in this series help IT professionals gain practical skills related to making Microsoft Azure environments more secure, including how to implement security controls, manage identity and access, protect data and applications, monitor for threats, and maintain a secure posture across various Azure services.
Career Connections
With the increasing demand for cybersecurity expertise, professionals with the skills from this series can pursue job prospects in roles such as Cloud Security Engineer, Security Analyst, Azure Security Consultant, Security Administrator, and Compliance Manager.
As of 2025, average U.S. salaries range from $103,197 to $143,002 for entry-level roles and $120,201 to $203,652 for professionals with 5 years' experience across positions like Cloud Security Engineer, Security Analyst, Azure Security Consultant, Security Administrator, and Compliance Manager. Please note that these figures are approximate, derived from online sources, and can vary based on factors such as location, industry, and company size.
/Create%20a%20Log%20Analytics%20Workspace%2C%20Azure%20Storage%20Account%2C%20and%20Data%20Collection%20Rule%20(DCR).jpg)
