We are being required to start to use Azure Key Vault to store “secrets” such as the password to the SQL servers to which we connect for security. “We” being server side applications written in C++ and running on Linux. Azure seems to be primarily web app oriented, but it does appear that there is at least a python API for Azure Key Vault. So I can see potentially our C++ application executing the python script just to get the password. On the other hand, that still leaves a python script the whole purpose of which is to fetch the SQL server password? How is this secure? I am clearly missing something vital — in particular in how we identify ourselves to the azure key vault in a secure manner so as to prevent someone not us from using this script to get the SQL server password.

We are being required to start to use Azure Key Vault to store “secrets” such as the password to the SQL servers to which we connect for security. “We” being server side applications written in C++ and running on Linux. Azure seems to be primarily web app oriented, but it does appear that there is at least a python API for Azure Key Vault. So I can see potentially our C++ application executing the python script just to get the password. On the other hand, that still leaves a python script the whole purpose of which is to fetch the SQL server password? How is this secure? I am clearly missing something vital — in particular in how we identify ourselves to the azure key vault in a secure manner so as to prevent someone not us from using this script to get the SQL server password.