Safeguard cryptographic keys and other secrets used by cloud apps and services
- Increase security and control over keys and passwords
- Create and import encryption keys in minutes
- Applications have no direct access to keys
- Use FIPS 140-2 Level 2 validated HSMs
- Reduce latency with cloud scaling and global redundancy
- Simplify and automate tasks for SSL/TLS certificates
Enhance data protection and compliance
Secure key management is essential to protecting data in the cloud. With Azure Key Vault, you can encrypt keys and small secrets such as passwords using keys stored in hardware security modules (HSMs). For added assurance, you can import or generate keys in HSMs. If you choose to do this, Microsoft will process your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware). Key Vault is designed so that Microsoft does not see or extract your keys. Monitor and audit key use with Azure logging – pipe logs into Azure HDInsight or your SIEM for additional analysis and threat detection.
All of the control, none of the work
With Key Vault, there’s no need to provision, configure, patch and maintain HSMs and key management software. You can provision new vaults and keys (or import keys from your own HSMs) in minutes and centrally manage keys, secrets and policies. You maintain control over your keys – simply grant permission for your own and third-party applications to use them as needed. Applications never have direct access to keys. Developers easily manage keys used for Dev/Test and migrate seamlessly to production keys managed by security operations. You can simplify and automate tasks related to SSL/TLS certificates – Key Vault enables you to enrol and automatically renew certificates from supported Public Certificate Authorities.
Boost performance and achieve global scale
Improve performance and reduce the latency of cloud applications by storing cryptographic keys in the cloud instead of on-premises. Key Vault rapidly scales to meet the cryptographic needs of your cloud applications and match peak demand without the cost associated with deploying dedicated HSMs. You can achieve global redundancy by provisioning vaults in Azure global data centres – keep a copy in your own HSMs for added durability.