Protect encrypted keys and other ciphertext and passwords used by cloud apps and services
- Increase security and improve control of keys and passwords
- Create and import encryption keys in minutes
- Apps do not have permission to directly access keys
- Upscale via the cloud with global redundancy to minimize latency
Enhance data protection and compliance
Secure key management is a vital aspect of protection work for data in the cloud. With Azure Key Vault, you can encrypt other keys and ciphertexts, such as passwords, using keys stored in the Key Vault. The way that Key Vault is designed ensures that Microsoft cannot see or extract your keys. If you need to perform further analysis or implement threat detection, you can use Azure logs to monitor and audit keys (to be brought online later) - you can transfer logs via pipelines to Azure HDInsight or your own SIEM system (currently only available in a preview version).
With everything under control, no work is necessary
With Key Vault, there is no need to preconfigure, set up, patch or maintain any key management software. You can preconfigure new vaults and keys in minutes, as well as centrally managing keys, ciphertext passwords and policies. You stay in control of the keys - simply grant permissions to your apps and third-party apps, and then use them as required. Apps do not have permissions to directly access keys. Developers can easily manage keys used for development and testing, and seamlessly migrate them to production keys managed with secure operations.
Improve performance and achieve global scale
Storing encryption keys in the cloud instead of locally increases the performance of cloud apps and reduces latency. Key Vault can be rapidly scaled up to meet the encryption requirements of your apps without the need for other resources. You can preconfigure the Key Vault in Azure global datacenters to implement global redundancy.