Azure Key Vault is a cloud service that enables the secure storage and access of secrets and keys. Your Verifiable Credentials service stores public and private keys in Azure Key Vault. These keys are used to sign and verify credentials. https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-tenant
How can we find our Public and Private key for verifiable credentials? I can see Recovery, Signing, and Update key in my Key Vault used for VC.
• Recovery, signing, and encrypting are various key management and cryptographic operations that are needed to be selected while creating an access policy for the said user selected thus limiting the scope of operations that can be performed by the keys, secrets and certificates issued by that user.
Similarly,
the private key and the public key of the verifiable credential cannot be accessible by the ‘USER’ as the user has delegated that authority to the application registered in Azure AD with the permissions ‘VerifiableCredential.Create.All’ and this application registered in Azure AD has been granted API permission for the API Verifiable Credential Request Service. Thus, the private key is generated and is with the service principal of the Azure resource which issues a ‘Verifiable credential’ through the registered Azure AD application to create a key, secret, or a certificate in the Azure keyvault.• While the public key is with the key, secret or certificate generated in the Azure key vault thus, completing the nexus of secure communication through the concerned application hosted. Thus, in this way, just based on RBAC (Role Based Access Control) and the ensuing access policy actions created in the key vault, you can create secure communication through the web app without exposing the private and the public keys.
For more information, kindly refer to the documentation link below: -
https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer