Skip to main content

General availability: Azure Automation Customer Managed Keys

Published date: July 12, 2021

Announcing the general availability of customer managed keys in Azure Automation.  Secure assets in Azure Automation include credentials, certificates, connections, and encrypted variables. These assets are protected in Azure Automation, by default, using Microsoft-managed keys. Now using customer-managed keys , you can manage encryption of these assets with your own keys.

When you specify a customer-managed key at the level of the Automation account, that key is used to protect and control access to the account encryption key for the Automation account. This in turn is used to encrypt and decrypt all the secure assets.

Azure Automation customer managed encryption is supported through integration with Azure Key Vault. You can create your own encryption keys and store them in a Key Vault, or you can use Azure Key Vault API to generate encryption keys.


  • With the introduction of customer-managed keys you can supplement default encryption with an additional encryption layer using keys that you create and manage in Azure Key Vault. This additional encryption should help you meet your organization’s regulatory or compliance needs.
  • Customer-managed keys offer a greater flexibility to create, rotate, disable, and revoke access controls. You can also audit the encryption keys used to protect your secure assets.

You can try out this feature using Azure PowerShell or the Azure REST API. For details, please see the documentation.

Visit UserVoice: To vote for existing requests or create a new request.

Go to MicrosoftQ&A: To ask technical questions or roadmap related queries.

  • Automation
  • Features
  • Services
  • Security

Related Products