Key Vault

Azure Key Vault allows customers to manage and secure cryptographic keys and other application secrets securely within Azure. The service could help organizations with governance, risk, and compliance concerns, but customers must write code and change their management processes to use the service in most cases.

Service Overview

Key Vault stores keys and secrets that encrypt and decrypt data within applications and services. Key Vault keeps keys and secrets safe from malicious actors, competitors, law enforcement, and employees who might use them to compromise applications or data. Key Vault can also be used to enable organizational control of encryption keys for other Microsoft services, such as Microsoft 365, Office 365 and Azure Information Protection. Microsoft has no access to keys and secrets that customers store in Key Vault.

Key Vault can perform key-based tasks, including signing items, verifying existing signatures, encrypting and decrypting data, and importing, backing up, restoring, and deleting keys. Secret-based tasks Key Vault can perform include creating, updating, listing, and retrieving secrets. Secrets are returned in plain text for applications to consume.