Microsoft Security Product Hub

Azure Key Vault

Overview

Azure Key Vault provides centralised creation and storage of secrets such as passwords, API keys, cryptographic keys and certificates. Instead of storing passwords or API keys in an application or script, the application or script can be granted access to retrieve the secret from the vault. Azure Active Directory performs authentication, and Azure RBAC (role-based access control) performs authorisation, allowing different levels of access such as viewing a secret or updating a secret.

Azure Key Vault offers software-protected vaults and, with the Azure Key Vault Premium tier, hardware-protected vaults, which are protected by a Hardware Security Module (HSM) administered by Microsoft.

Outcomes

  • Keep secrets out of code repositories, applications and scripts
  • RBAC to control who can view or access specific secrets
  • Replicate secrets across regions to reduce application latency
  • Monitoring of Key Vault access
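
The first two outcomes can be sketched with the Az PowerShell module. This is an added example, not code from the product page: the vault name, secret name and object IDs are placeholders, and it assumes the vault uses the Azure RBAC permission model and that the script runs under a managed identity.

```powershell
# Added example. Every name and ID below is a placeholder (assumption).
$vaultName  = 'kv-example'                       # hypothetical vault name
$secretName = 'api-key'                          # hypothetical secret name
$appId      = '<object-id-of-app-identity>'      # identity that only reads the secret
$opsId      = '<object-id-of-operations-group>'  # identities that update secrets

# --- Administrator: grant each identity only the access it needs ---
$vault = Get-AzKeyVault -VaultName $vaultName

# Read access scoped to one secret, not the whole vault.
New-AzRoleAssignment -ObjectId $appId `
    -RoleDefinitionName 'Key Vault Secrets User' `
    -Scope "$($vault.ResourceId)/secrets/$secretName"

# Read and write access to secrets, scoped to the vault.
New-AzRoleAssignment -ObjectId $opsId `
    -RoleDefinitionName 'Key Vault Secrets Officer' `
    -Scope $vault.ResourceId

# --- Application or script: fetch the secret at run time ---
# Signing in as the managed identity means no password is stored
# in the script or in the repository that holds it.
Connect-AzAccount -Identity | Out-Null

try {
    $apiKey = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName `
        -AsPlainText -ErrorAction Stop
}
catch {
    # Raised when the identity has no role on this secret, or the
    # vault or secret name is wrong. Fail closed; never fall back
    # to a hard-coded value.
    Write-Error "Could not read '$secretName' from '$vaultName': $($_.Exception.Message)"
    exit 1
}

# Use $apiKey in memory only; do not write it to logs or to disk.
```

Scoping the reader role to a single secret means a compromised application identity exposes that secret only, not every secret in the vault.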