Azure Key Vault Secures Keys and Secrets

Azure Key Vault, an online service now in preview, allows customers to manage and secure their cryptographic keys and other application secrets within Azure. Key Vault is a cryptographic key management service based on hardware security modules (HSMs). HSMs are specialized hardware devices that integrate directly with servers and offer secure storage, management, and use of cryptographic keys and secrets. The service could help organizations with governance, risk, and compliance concerns ensure integrity in hosted environments such as Azure, but customers must write code and change their management processes to use the service.

Hardware Secured Keys and Secrets

The main benefit of Key Vault is the ability to secure keys and secrets used by applications to prevent them from being compromised. (For Key Vault, secrets consist of small—under 10KB—pieces of data, such as passwords, that applications can store.) The keys and secrets are safe from malicious actors, competitors, law enforcement, or employees who might abuse them or use them to compromise the integrity of applications or data. Microsoft has no access to keys and secrets that customers store in Key Vault, and the HSMs used comply with Federal Information Processing Standard (FIPS) 140-2 Level 2. Applications can use the keys or secrets by accessing the Key Vault and its HSM-protected storage through PowerShell or an API.