Safeguard cryptographic keys and other secrets used by cloud apps and services
Increase security and control over keys and passwords
Create and import encryption keys in minutes
Applications have no direct access to keys
Use FIPS 140-2 Level 2 and Level 3 validated HSMs
Reduce latency with cloud scale and global redundancy
Simplify and automate tasks for SSL/TLS certificates
Enhance data protection and compliance
Secure key management is essential to protect data in the cloud. Use Azure Key Vault to encrypt keys and small secrets like passwords that use keys stored in hardware security modules (HSMs). For more assurance, import or generate keys in HSMs, and Microsoft processes your keys in FIPS validated HSMs (hardware and firmware) - FIPS 140-2 Level 2 for vaults and FIPS 140-2 Level 3 for HSM pools. With Key Vault, Microsoft doesn’t see or extract your keys. Monitor and audit your key use with Azure logging—pipe logs into Azure HDInsight or your security information and event management (SIEM) solution for more analysis and threat detection.
All of the control, none of the work
Use Key Vault and you don’t need to provision, configure, patch, and maintain HSMs and key management software. Provision new vaults and keys (or import keys from your own HSMs) in minutes and centrally manage keys, secrets, and policies. You keep control over your keys—simply grant permission for your own and partner applications to use them as needed. Applications never have direct access to keys. Developers manage keys used for Dev/Test and seamlessly migrate to production the keys that are managed by security operations. Simplify and automate tasks related to SSL/TLS certificates—Key Vault enables you to enroll and automatically renew certificates from supported public Certificate Authorities.
Boost performance and achieve global scale
Improve performance and reduce the latency of your cloud applications by storing cryptographic keys in the cloud, instead of on-premises. Key Vault quickly scales to meet the cryptographic needs of your cloud applications and match peak demand, without the cost of deploying dedicated HSMs. Achieve global redundancy by provisioning vaults in Azure global datacenters—keep a copy in your own HSMs for more durability.
Documentation and resources
Key Vault updates, blogs, and announcements
Azure Key Vault Managed HSM available in public preview
General availability of Azure Monitor for Key Vault and Azure Cache for Redis
Azure Monitor for Key Vault is now in preview
Key Vault bring your own key (BYOK) is now generally available
Azure Key Vault service enhancements now available
Azure Private Link is now generally available in US Government regions