
General availability: Improvements in Azure Key Vault

Published date: February 12, 2024

Announcing the general availability of FIPS 140-2 Level 3 HSMs for Azure Key Vault. For more information on FIPS 140, see Federal Information Processing Standard (FIPS) 140. Azure Key Vault Premium HSMs are now also PCI DSS and PCI 3DS certified, which means that they meet the security requirements of the Payment Card Industry Data Security Standard (PCI DSS) and Payment Card Industry 3-D Secure (PCI 3DS). This is the same compliance level as the HSM devices used by Managed HSM.

This new capability comes at no extra cost for existing and new customers. Starting today, all new keys and key versions created in Key Vault Premium are protected by these new HSMs. We have modernized the HSM fleet that powers Azure Key Vault to ensure the highest industry levels of protection for our customers. SLAs, performance, and other specifications remain the same. Older key versions will continue to work using the original FIPS 140-2 Level 2 HSMs that powered Azure Key Vault. These improvements have rolled out to all geographies except the UK; availability for the UK will be announced later.

Call to action 

All customers should create new versions of keys to take advantage of these improvements and migrate their workloads to use these new key versions. For information on how to determine which HSM platform is protecting your key versions, see About keys and Key types, algorithms, and operations. 

For help in choosing between Azure's key management offerings, see How to choose the right key management solution.
