
General availability: Azure governance policy for Azure Key Vault

Published date: October 26, 2021

A strong enterprise governance strategy is crucial for protecting applications and infrastructure in the cloud. It enables you to manage risk, compliance, continuity, and security. Organizations use Azure Key Vault to create and manage secrets, certificates, and cryptographic keys to safeguard Azure applications and services.

Today we are taking governance a step further. Azure Key Vault will not only serve as a safeguard for your secrets but will also empower security officers to enforce security standards at scale, allowing you to federate Key Vaults with a set of built-in policy definitions. We are excited to share that integration of Azure Key Vault with Azure Policy has reached general availability and is now ready for production use. This capability is a step towards our commitment to simplifying secure secrets management in Azure, while also enhancing the policy enforcement that you can define on Key Vault, keys, secrets, and certificates.

Azure Policy provides the ability to place guardrails on Key Vault and its objects to ensure they are compliant with your organization's security recommendations and compliance regulations. It allows you to perform real-time policy-based enforcement and on-demand compliance assessment of existing secrets in your Azure environment. The results of audits performed by policy will be available to you in a compliance dashboard, where you will be able to drill down into which resources and components are compliant and which are not. Azure Policy for Key Vault will provide you with a full suite of built-in policies offering governance of your keys, secrets, and certificates.

You can learn more about how to integrate Azure Key Vault with Azure Policy, and add a new policy in two easy steps:

  • Go to the Azure portal > search for Policy > select Definitions > in the Category filter, clear Select All and select Key Vault. You should now see all the policies available for Azure Key Vault.

  • Select a policy and the scope you want to apply it to. Click the Assign button in the top-left corner. Set the policy enforcement selector to Enabled if you want the effect of the policy (audit or deny) to occur.

Learn more about Azure Policy

Learn more about Azure Policy for Key Vault
