- Helps safeguard cryptographic keys and secrets used by cloud applications and services.
- You can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys,
.PFXfiles, and passwords) by using keys that are protected by hardware security modules (HSMs). - You can import or generate keys in HSMs. If you choose to do this, Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware).
- HSM = Hardware security module
- Streamlines the key process and enables you to maintain control of keys that access and encrypt your data.
- Developers can create keys for development and testing, and then seamlessly migrate them to production keys.
- Security administrators can grant (and revoke) permission to keys, as needed.
- Administration
- It can be created and managed by an organization's administrator who manages other Azure services for an organization.
- E.g.:
- Administrator would sign in with an Azure subscription, create a vault for the organization in which to store keys, and then be responsible for operational tasks, such as:
- Create or import a key or secret.
- Revoke or delete a key or secret.
- Authorize users or applications to access the key vault, so they can then manage or use its keys and secrets.
- Configure key usage (for example, sign or encrypt).
- Monitor key usage.
- This administrator would then provide developers with URIs to call from their applications, and provide their security administrator with key usage logging information.
- Administrator would sign in with an Azure subscription, create a vault for the organization in which to store keys, and then be responsible for operational tasks, such as:
- E.g.:
- It can be created and managed by an organization's administrator who manages other Azure services for an organization.