c# - Is there a way to store secrets which are more than 25KB in Azure Key Vault?

Question

I currently have a json object which i am converting into a string and trying to store in Azure Key Vault. But the size is around 60kb. Is there a way to store this on Key Vault because i read that the size limit is 25lkb.

Answer 1

You may want to look at Azure Blob Client Side Encryption. Essentially it encrypts content before storing it in Blob Storage and then it protects the key using Key Vault. Most of the Blob Storage client libraries have built -in support, making it transparent to you.

In a nutshell, you can store your large secret encrypted in Blob Storage, automatically protected by Key Vault.

In practice, this is what happens inside the blob storage client;

1. A random symmetric encryption key is created.

2. Your data is encrypted on your machine using that key.

3. The encryption key is encrypted using a Public Key provided by KeyVault.

4. The encrypted key is stored in blob storage along with your data data.

When you want to retrieve the data, the storage library will ask Key Vault to decrypt the key and will decrypt the data for you.

This all happens transparently to you. You do need to switch this on, of course. How you do that depends on which storage client you use, so just search for Blob Client Side Encryption and your chosen programming language.