Azure Key Vault
By Microsoft
Microsoft's cloud key, secret, and certificate management service, available in a shared-hardware Standard tier and an HSM-backed Premium or Managed HSM tier for keys that need dedicated, single-tenant hardware. Integrates tightly with Entra ID for access policy and with most other Azure services for at-rest encryption key management.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaS
- Organization size
- SMBMid-marketEnterprise
- Pricing tier
- Freemium
Capability checklist
KMSHow Azure Key Vault measures up against the full Encryption & Key Management taxonomy.
- Centralized key lifecycle management — supported
- Creates, distributes, rotates, and retires encryption keys from one system.
- HSM-backed key storage — supported
- Stores the most sensitive keys in dedicated hardware security modules.
- Encryption enforcement — supported
- Ensures data at rest and in transit is actually encrypted, not just capable of it.
- Automated key rotation — supported
- Rotates keys on a schedule without requiring manual intervention.
- BYOK / HYOK cloud support — not supported
- Lets customers bring or hold their own keys for data stored in cloud provider services.
- Access audit logging — supported
- Logs every use of a key for security review and compliance evidence.
Alternatives
Other Encryption & Key Management tools with overlapping capabilities, sized for similar teams.