Richard Slater

Asked: 2018-01-20 06:06:17 +0800 CST2018-01-20 06:06:17 +0800 CST 2018-01-20 06:06:17 +0800 CST

Is it possible to configure the Java Cryptography Architecture to use Azure Key Vault as a crypto provider?

We are currently using ForgeRock as an Identity and Access Management solution, this is being hosted on Infrastructure-as-a-Service machines in Azure, i.e. Virtual Machine Scale Sets. There is a requirement to protect the private keys using FIPS-140-2 validated Hardware Security Modules, HSMs, research has indicated that the only way to achieve that is to use Azure Key Vault.

Now having looked into how to configure an HSM with ForgeRock this appears to be possible because you can change the Java Cryptographic Extensions provider to use the SunPKCS11 provider and configure the provider itself to communicate with the HSM to provide crypto offload.

Is it possible to do the same with Azure Key Vault? For reference, Azure Key Vault doesn't support JCE or PKCS11 natively, despite being backed by Thales nShield family of HSMs.

Is it possible to configure the Java Cryptography Architecture to use Azure Key Vault as a crypto provider?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Is it possible to configure the Java Cryptography Architecture to use Azure Key Vault as a crypto provider?

0 Answers