Trace Id is missing
Skip to main content

Key Vault

Safeguard cryptographic keys and other secrets used by cloud apps and services.

  • " "

    Increase security and control over keys and passwords

  • " "

    Use FIPS 140-2 Level 2 and Level 3 validated HSMs

  • Create and import encryption keys in minutes

  • " "

    Reduce latency with cloud scale and global redundancy

  • " "

    Applications have no direct access to keys

  • " "

    Simplify and automate tasks for SSL/TLS certificates

Enhance data protection and compliance

Secure key management is essential to protect data in the cloud. Use Azure Key Vault to encrypt keys and small secrets like passwords that use keys stored in hardware security modules (HSMs). For more assurance, import or generate keys in HSMs, and Microsoft processes your keys in FIPS validated HSMs (hardware and firmware) - FIPS 140-2 Level 2 for vaults and FIPS 140-2 Level 3 for HSM pools. With Key Vault, Microsoft doesn’t see or extract your keys. Monitor and audit your key use with Azure logging—pipe logs into Azure HDInsight or your security information and event management (SIEM) solution for more analysis and threat detection.

All of the control, none of the work

Use Key Vault and you don’t need to provision, configure, patch, and maintain HSMs and key management software. Provision new vaults and keys (or import keys from your own HSMs) in minutes and centrally manage keys, secrets, and policies. You keep control over your keys—simply grant permission for your own and partner applications to use them as needed. Applications never have direct access to keys. Developers manage keys used for Dev/Test and seamlessly migrate to production the keys that are managed by security operations. Simplify and automate tasks related to SSL/TLS certificates—Key Vault enables you to enroll and automatically renew certificates from supported public Certificate Authorities.

Boost performance and achieve global scale

Improve performance and reduce the latency of your cloud applications by storing cryptographic keys in the cloud, instead of on-premises. Key Vault quickly scales to meet the cryptographic needs of your cloud applications and match peak demand, without the cost of deploying dedicated HSMs. Achieve global redundancy by provisioning vaults in Azure global datacenters—keep a copy in your own HSMs for more durability.

Comprehensive security and compliance, built in

A security center overview in Azure showing policy and compliance data and resource security hygiene
The security center compute and apps tab in Azure showing a list of recommendations

Get started with an Azure free account

1

Start free. Get USD$200 credit to use within 30 days. While you have your credit, get free amounts of many of our most popular services, plus free amounts of 55+ other services that are always free.

2

After your credit, move to pay as you go to keep building with the same free services. Pay only if you use more than your free monthly amounts.

3

After 12 months, you'll keep getting 55+ always-free services—and still pay only for what you use beyond your free monthly amounts.

Related products and services

  • Virtual Machines

    Provision Windows and Linux VMs in seconds.

  • Microsoft Defender for Cloud

    Extend threat protection to any infrastructure.

Use Key Vault with your free account