![[The AI Show Episode 150]: AI Answers: AI Roadmaps, Which Tools to Use, Making the Case for AI, Training, and Building GPTs](https://www.marketingaiinstitute.com/hubfs/ep%20150%20cover.png)
![[The AI Show Episode 149]: Google I/O, Claude 4, White Collar Jobs Automated in 5 Years, Jony Ive Joins OpenAI, and AI’s Impact on the Environment](https://www.marketingaiinstitute.com/hubfs/ep%20149%20cover.png)
![[Side Project] Maroik: Modern ASP.NET Core 9.0 CMS with Full-Stack Features](https://media2.dev.to/dynamic/image/width%3D1000,height%3D500,fit%3Dcover,gravity%3Dauto,format%3Dauto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F53cfnrge1bqwc7vxdicj.png)
![[FREE EBOOKS] Solutions Architect’s Handbook, The Embedded Linux Security Handbook & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![How to Survive in Tech When Everything's Changing w/ 21-year Veteran Dev Joe Attardi [Podcast #174]](https://cdn.hashnode.com/res/hashnode/image/upload/v1748483423794/0848ad8d-1381-474f-94ea-a196ad4723a4.png?#)
_ArtemisDiana_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
.webp?#)
![Apple 15-inch M4 MacBook Air On Sale for $1023.86 [Lowest Price Ever]](https://www.iclarified.com/images/news/97468/97468/97468-640.jpg)
Storing 100k keys for bulk retrieval from Azure
We're setting up a device-to-cloud channel using TLS-PSK (Pre-Shared Key), where each device uses a unique key to encrypt communications. Each key is known only to the individual device that uses it and to the server, of course, since the key is symmetric. I'm used to working with devices that use individual X.509 certificates for both identity and encryption, but we couldn’t go that route due to commercial and technical constraints. Initially, I expected a process where the device connects to the server, sends the "name" or ID of the key it will use, and then begins encrypting communications using that key. The server would then retrieve the key from Azure Key Vault using the name/ID and use it to decrypt messages. However, this approach isn’t feasible due to technical limitations, so we'll need to retrieve all keys in bulk when the server starts. Azure Key Vault has a rate limit though, so you won't be able to retrieve 100k keys quickly. What are my options for storing these keys efficiently? So far I’ve considered: Storing the keys in a database, encrypted with a key managed by Azure Key Vault Storing all keys in a single encrypted file in Azure Storage Are there better alternatives? Thanks! Additional details The technical issue that forces us to bulk retrieve all keys is that the server is written in Node.js and the callback that processes an incoming TLS-PSK request only allows synchronous calls; but Key Vault calls are async only and the same goes e.g. for HTTP calls (there a few packages for sync HTTP calls but are labeled as not ok for production). The number of connections is highly variable, so we assume we'll have 10 connections per hour per device We have 10 server instances, each hosted in a container instance.
We're setting up a device-to-cloud channel using TLS-PSK (Pre-Shared Key), where each device uses a unique key to encrypt communications. Each key is known only to the individual device that uses it and to the server, of course, since the key is symmetric.
I'm used to working with devices that use individual X.509 certificates for both identity and encryption, but we couldn’t go that route due to commercial and technical constraints.
Initially, I expected a process where the device connects to the server, sends the "name" or ID of the key it will use, and then begins encrypting communications using that key. The server would then retrieve the key from Azure Key Vault using the name/ID and use it to decrypt messages. However, this approach isn’t feasible due to technical limitations, so we'll need to retrieve all keys in bulk when the server starts.
Azure Key Vault has a rate limit though, so you won't be able to retrieve 100k keys quickly. What are my options for storing these keys efficiently?
So far I’ve considered:
- Storing the keys in a database, encrypted with a key managed by Azure Key Vault
- Storing all keys in a single encrypted file in Azure Storage
Are there better alternatives?
Thanks!
Additional details
The technical issue that forces us to bulk retrieve all keys is that the server is written in Node.js and the callback that processes an incoming TLS-PSK request only allows synchronous calls; but Key Vault calls are async only and the same goes e.g. for HTTP calls (there a few packages for sync HTTP calls but are labeled as not ok for production).
The number of connections is highly variable, so we assume we'll have 10 connections per hour per device
We have 10 server instances, each hosted in a container instance.
![I own Jetbrains license for IDE (IntelliJ, CLion...) and need to propagate them on a VM I've created on my computer. How? [closed]](https://i.sstatic.net/X8RjQ3cg.png)
