Azure Key Vault Managed HSM available in public preview
Published date: September 22, 2020
A new key management solution -- Azure Key Vault Managed HSM (hardware security module) -- is now available in public preview.
Azure Key Vault Managed HSM offers a fully managed, highly available, single-tenant, high-throughput, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated HSMs.
Managed HSM is a new resource type under Azure Key Vault that allows you to store and manage HSM keys for your cloud applications using the same Key Vault APIs, which means migrating from vaults to managed HSM pools should be very simple.
Why use Managed HSM?
- Fully managed, highly available, single-tenant, high-throughput HSM as a service: You don't need to provision, configure, patch, and maintain HSMs for key management. Each HSM pool consists of multiple HSM partitions that span multiple availability zones (where availability zones are supported) for zone resiliency, with throughput that will scale to your needs. Each HSM pool uses a separate customer-specific security domain that cryptographically isolates each customer's HSM pool.
- Access control, enhanced data protection and compliance: Centralize key management in one place for your high-value keys, with granular per-key permissions to control access to each key. Allow designated HSM administrators full control over the HSM pool that even management group, subscription, or resource group admins cannot override. Managed HSM pools use FIPS 140-2 Level 3 validated HSMs to help you meet compliance requirements.
- Integrated with Azure services: Encrypt data at rest with a customer-managed key in Managed HSM for Azure Storage, Azure SQL, and Azure Information Protection. Get complete logs of all activity via Azure Monitor and use Log Analytics for analytics and alerts.
Public preview is available in the following regions: East US 2, South Central US, North Europe, West Europe. Many more regions will be added in the coming months.