Azure Key Vault service enhancements now available
Published date: May 19, 2020
Azure Key Vault is a unified service for secret management, certificate management, and encryption key management, backed by FIPS-validated hardware security modules (HSMs).
Recent enhancements include:
- Enhanced security with Private Link—An optional control that enables you to access your Key Vault over a private endpoint in your virtual network. Traffic between your virtual network and Key Vault flows over the Microsoft backbone network, thus providing additional assurance.
- More choices for BYOK—Some of our customers generate encryption keys outside Azure and import them into Key Vault in order to meet their regulatory needs or to centralize where their keys are generated. Now, in addition to nCipher nShield HSMs, you can also use SafeNet Luna HSMs or Fortanix SDKMS to generate your keys. These additions are in preview.
- Rotation of secrets made easier—Notifications for keys, secrets, and certificates allow you to receive events at each point in the lifecycle of these objects and define custom actions. A common action is rotating secrets on a schedule to limit the impact of credential exposure. Read the new tutorial.