Azure Key Vault Managed HSM is generally available
Published date: June 21, 2021
Azure Key Vault Managed HSM (hardware security module) is now generally available.
Managed HSM offers a fully managed, highly available, single-tenant, high-throughput, standards-compliant cloud service to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated HSMs.
Key features and benefits:
- Fully managed, highly available, single-tenant, high-throughput HSM as a service: You don't need to provision, configure, patch, and maintain HSMs for key management. Each HSM cluster uses a separate customer-specific security domain that cryptographically isolates your HSM cluster.
- Access control, enhanced data protection, and compliance: Centralize key management and set permissions at key-level granularity. Managed HSM uses FIPS 140-2 Level 3 validated HSMs to help you meet compliance requirements. Use private endpoints to connect securely and privately from your applications.
- Integrated with Azure services: Encrypt data at rest with a customer-managed key in Managed HSM for Azure Storage, Azure SQL, and Azure Information Protection. Get complete logs of all activity via Azure Monitor and use Log Analytics for analytics and alerts. Some third-party solutions are also integrated with Managed HSM.
- Uses the same API as Key Vault: Managed HSM allows you to store and manage HSM-keys for your cloud applications using the same Key Vault APIs, which means migrating from vaults to managed HSM pools is very simple.
During public preview, we received feedback from customers all over the world, spanning many industry segments. We are incorporating that feedback and will continue to add more features in the coming months to address key management, auto-rotation, multi-region higher availability, new key types and algorithms, and more, including a pricing update.
Azure Key Vault Managed HSM is another service that is built on Azure's confidential computing platform. Azure confidential computing protects the confidentiality and integrity of your data and code while it's processed in the public cloud.
Learn more about confidential computing.
Region availability:
- East US, West US, East US 2, Central US, South Central US, Canada Central
- North Europe, West Europe, UK South, Switzerland North, South Africa North
- Australia Central, Korea Central, Southeast Asia, East Asia