We will likely use Microsoft Azure Key Vault for secure key management.
System Administrator at a government with 1,001-5,000 employees
Straightforward documentation, secure, and reasonably priced
Pros and Cons
- "It is a managed service in Azure, you do not have to worry about security other than managing your own identities."
- "I can see that other people are doing the infrastructure as code, they are able to easily manage and cycle their passwords as needed using their own interface they created. It would be nice if Microsoft provided more guidance in that area."
What is our primary use case?
How has it helped my organization?
Provide a central, secure repository for keys.
What is most valuable?
It is a managed service in Azure, you do not have to worry about security other than the access. The vaults themselves are inherently secure.
What needs improvement?
It's too early for me to say with certainty, but what I'm seeing thus far is that Key Vault at face value is more of a secure store than it is a password manager. I suspect that we may be able to use logic apps to perform some actions that a password manager would, but a little more focus in this area would be beneficial.
Buyer's Guide
Azure Key Vault
November 2024
Learn what your peers think about Azure Key Vault. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Microsoft Azure Key Vault for one day.
What do I think about the scalability of the solution?
We have approximately 15 users using the solution in my organization.
How was the initial setup?
The setup of my test files has been easy and the documentation is straightforward.
What about the implementation team?
I handle the implementation of the solution.
What's my experience with pricing, setup cost, and licensing?
The price of the solution is reasonable for what we are using it for.
Which other solutions did I evaluate?
We did not have a great solution in the past. We wanted something better, and everything that I read about Microsoft Azure Key Vault was good. We did evaluate other solutions but we were already using Azure for other things, it made sense to implement Microsoft Azure Key Vault.
What other advice do I have?
Other people's opinions of Microsoft Azure Key Vault seem to be quite good.
I rate Microsoft Azure Key Vault an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Architect at a marketing services firm with 11-50 employees
Enables you to run infrastructure as code, to fully automate creation, management of, and access to, keys
Pros and Cons
- "All its features are really valuable. It's really well thought-out. It's a complete turnkey solution that has all the concerns taken care of, such as access control and management. You can use it in infrastructure as code to create key vaults, APIs, PowerShells, CLIs, even Terraform."
- "If you check the capabilities of other key management services across Amazon, HashiCorp, and Google, there are features that Key Vault doesn't have. It could be the case that when you use Key Vault, you might be forced to use a third-party solution to get certain services. If those services could be included in Key Vault, there would be diminished reasons to go for a third-party key management system."
What is our primary use case?
I have used the solution on a couple of projects for a client, mainly for storing credentials and secrets, such as API keys and application or username passwords into the vault, as well as certificates.
It is used for anything we need to keep safe and secure and not have users access, except via applications that programmatically access Key Vault and retrieve the secrets and connect to other APIs. That way, we don't supply usernames and passwords within application code or to people. We vault them in Key Vault and those secrets can be used within an application without human intervention.
Azure Key Vault is a SaaS solution.
How has it helped my organization?
You have to have this to make sure that you're compliant with security and governance. One of the main concerns with compliance is how you manage keys and secrets in your cloud environments. You're encrypting your data at rest and in transit, but where do you store the encryption key itself to not become compromised? Key Vault addresses all those concerns. This is one of the main tools and, without it, it's hard to implement and address one of the main pillars of cloud architecture, which is security.
The whole nature of it is to help make things autonomous, because you can run infrastructure as code. That really takes away the human factor and you can fully automate the creation and management of, and access to, the keys, including the rotation of the keys. By taking away the human element, it's really secure. And, implementation-wise, when you're using Key Vault, Microsoft is behind it and they're using the best methods for encryption and ciphering of keys. You don't have to worry about those things.
It really simplifies the whole process, in contrast to needing in-house experts to help you facilitate key management. When it comes to two main concerns, encryption of the data in transit and at rest, it is a service that is with you all the time. It has a low cost and it's ready to implement. You don't have to have 10 developers build something that you don't even know will be successful, versus a service that has already been tested across global enterprise companies.
What is most valuable?
All its features are really valuable. It's really well thought-out. It's a complete turnkey solution that has all the concerns taken care of, such as access control and management. You can use it in infrastructure as code to create key vaults, APIs, PowerShells, CLIs, even Terraform.
You can also use it in different services across the board. If you have app services, or virtual machines, Kubernetes, or Databricks, they can all use Key Vault effectively. In my opinion, in a DevSecOps, DevOps, or even in a modern Azure implementation, you have to use Azure Key Vault to make sure you're addressing security and identity management concerns. By "identity" I mean usernames, passwords, cryptography, et cetera.
It's also a regional solution and it frees you up from using third parties like HashiCorp Vault, for example.
In addition, there is a feature in Azure called managed identities, and when storing your credential or any keys or secrets in that you can have your code use managed identities to access Key Vault. That simplifies the whole process of connecting to Key Vault and retrieving your secrets, passwords, and credentials.
It's a full-blown solution and it supports most breeds of key management: how you store keys and certify.
I can't say that one of its features is better than others. You have to have all of them to make it a competent service, although one of the especially important features is the connection with monitoring and logging, so you can see who had access to what.
What needs improvement?
If you check the capabilities of other key management services across Amazon, HashiCorp, and Google, there are features that Key Vault doesn't have. It could be the case that when you use Key Vault, you might be forced to use a third-party solution to get certain services. If those services could be included in Key Vault, there would be diminished reasons to go for a third-party key management system.
For how long have I used the solution?
I was using Microsoft Azure Key Vault until two years ago, but since then I've been actively using it for two or three different projects.
What do I think about the stability of the solution?
It's stable. There is the SLA and the resiliency that goes with Azure. Because many services are dependent on Key Vault, if it's highly available and redundant, it helps a lot. You can imagine how many times applications would go down if Key Vault were not available. It is one of the high-demand services. Anything that needs to access a key or a certification is dependent on Azure Key Vault.
So far, compared to other services that are available in the Azure environment, I haven't seen anything surprising with the stability or availability of Key Vault.
What do I think about the scalability of the solution?
It's scalable and global in its performance. I have implemented it for one of the largest pharmaceutical companies in the whole world, a company that operates on a global scale. Key Vault is a main ingredient for every one of their infrastructure pieces that is tied to it. The scale of that company in its use of Key Vault was phenomenal.
How are customer service and technical support?
I haven't needed to contact Microsoft support about Key Vault. There have been instances when I have had to talk with Microsoft support about Graph API for Active Directory and other services, and even to the cloud adoption framework team, but never for Key Vault. It is just so straightforward.
How was the initial setup?
The complexity depends on what you're trying to do with Key Vault. It can get complex or it can be simple. You don't expect advanced scenarios to be easy to implement because it has many ingredients. If someone is simply going to Azure portal to create a secret and retrieve it, it's simple. But if you want to tie in your services, and have role-based control over who can access keys, and what services are tied to the keys, it gets complicated. But that's not just Azure. That complexity comes with the level of complexity of the scenario.
Key Vault is easy to use because there are many APIs and mechanisms to create and retrieve. The concepts are easy. I use it in many scenarios, such as building infrastructure as code, consuming it in Kubernetes. Everything seems to be straightforward. It is really the de facto for key management and vaulting secrets.
For example, one of the applications recently we developed needed to store the username and password of the service that connects to SQL Server. I found it was super-easy to tie the credentials within the application configuration files to Key Vault to retrieve the keys. It was a no-brainer for a developer to learn and do it. It took about 15 to 30 minutes to follow the documentation. And it has really nice documentation. Performing any action using the features of Key Vault is really easy as it's user-friendly. Depending on your level of skill, the deeper you get, the more features you can use.
What's my experience with pricing, setup cost, and licensing?
Key Vault, like every Azure service, has a cost associated with it, but you don't have to spend thousands of dollars to spin up an environment to build a key management system. It's already there.
You pay as you go, similar to other services in Azure.
Which other solutions did I evaluate?
There are many other tools that I am still using, including AWS Secrets Manager, CyberArk, and Conjur, but none of them is close to Key Vault.
One of the benefits of Azure Key Vault is its integration with Active Directory, as is the case with most of the services in Azure. That really adds something to all the services.
Also, Managed HSM is not available in those other solutions. You have to go with HashiCorp Vault to get that.
In addition, the key rotation feature of Key Vault is a lot better than in AWS Secrets Manager. CyberArk and Conjur, are more one-off products for specific use cases. You have to purchase a license and implement and manage them yourself, and not everything works seamlessly in CyberArk.
Conjur was good until Key Vault supported containerization. Azure created services for using blob storage, and those features of Key Vault came naturally as part of the whole cloud stack.
Key Vault covers different problems for various personas and roles. As a developer, you get a lot of benefits that you don't get when you start developing with other tools, excluding HashiCorp Vault. HashiCorp Vault is really neat, and the only downside is that you have to manage the infrastructure yourself.
What other advice do I have?
I'm a cloud architect. If I don't see that Key Vault has been included in a proposed architecture, I don't approve it. It's a main ingredient in any cloud enterprise infrastructure and architecture. When you're using Azure, you have to have this or a third-party solution. If someone shows me a third-party solution, I have to ask, "What's the cost of owning this component that you're adding to the architecture? Is it included, like Key Vault, or do you have to pay for it like with HashiCorp Vault?" With Azure Key Vault you have something that is free, enterprise-level, global, and it just works.
I don't know if we could survive without Key Vault in a cloud implementation and still call it a secure platform. These days, you have to have Azure Key Vault or some third-party mechanism such as HashiCorp Vault. You need something that addresses key management in your cloud environment. But why should you pay for extra resources, costs, and management overhead, if everything is managed by Azure itself?
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Azure Key Vault
November 2024
Learn what your peers think about Azure Key Vault. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
Microsoft Cybersecurity specialist at a tech services company with 51-200 employees
Affordable with the ability to store security certificates securely
Pros and Cons
- "It allows me to run applications using these certificates without directly installing them."
- "The platform's configuration process could be easier."
What is our primary use case?
The product integrates well with Azure Active Directory to manage identity or secret certificates.
What is most valuable?
Azure Key Vault's most valuable feature is its ability to store security certificates securely. It allows me to run applications using these certificates without directly installing them.
What needs improvement?
The platform's configuration process could be easier. Most of the new technologies involve certain prerequisites and complex setup processes.
For how long have I used the solution?
I have been using Azure Key Vault for a long time.
What do I think about the stability of the solution?
I rate the product's stability a nine out of ten.
What do I think about the scalability of the solution?
The product's scaling process is complex for users who are not familiar with its concept. It is suitable for small to enterprise businesses.
I rate the scalability an eight out of ten.
How was the initial setup?
The initial setup process takes 15 minutes to complete for me as I have prior experience working with it. The non-proficient users need professional assistance. In most cases, they need to be notified about the necessity of authenticating the user ID and password.
What's my experience with pricing, setup cost, and licensing?
The product has good pricing.
What other advice do I have?
I recommend Azure Key Vault to others and rate it a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Infrastructure Manager\Enterprise Architect - Cloud at a manufacturing company with 1,001-5,000 employees
Features tie into the app, secrets, and the passwords and encrypt them
Pros and Cons
- "We only use the basic features and those are the ones that have the ability to tie into the app, the secrets, and the passwords and encrypt them."
- "To make it a ten the setup should be more streamlined."
What is our primary use case?
We use it to store our secrets and passwords for our integrations and applications.
What is most valuable?
We only use the basic features and those are the ones that have the ability to tie into the app, the secrets, and the passwords and encrypt them.
What needs improvement?
So far we've had good luck with it. We haven't had any bad experiences. Once we got it set up and we got it injected into our code, we've had pretty good success.
For how long have I used the solution?
I have been using Microsoft Azure Key Vault for around a year and a half.
What do I think about the scalability of the solution?
We have about 225 applications that are using it.
How are customer service and support?
Their technical support was good when we used them.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use a different solution. This is our first time using the services.
How was the initial setup?
The initial setup was pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
I thought the price was reasonable.
What other advice do I have?
My advice would be to definitely leverage your premier support to help you get it going. Once you get going on it, it's fairly simple to use.
I would rate it an eight out of ten.
To make it a ten the setup should be more streamlined.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CyberSecurity Director of Intelligence at a tech services company with 1-10 employees
Straightforward to set up, robust, and helps improve security
Pros and Cons
- "Among the features that have helped improve our security posture are storing secrets in a secure location to create a trusted situation, trusted resources, and incorporating identity access management so that we know who has access to what."
- "One of my previous clients was one of the big banks here in the Netherlands and the EU courts have stated that Microsoft Azure Key Vault is not, according to their perspective, secure due to the fact that Microsoft has access to Key Vault."
What is our primary use case?
We use it for storing secrets for different accounts. If a service account or a storage account or a resource needs access to a resource, and there's a password involved, you would book out a password, and access Key Vault to gain access to the password, and get access to the resource.
How has it helped my organization?
The ability to use identity access management incorporated with RBAC is important for us. It helps us ensure the governance and security posture is secure and logical.
What is most valuable?
Among the features that have helped improve our security posture are storing secrets in a secure location to create a trusted situation, trusted resources, and incorporating identity access management so that we know who has access to what.
In addition, it hasn't affected our end-user experience. It's seamless.
What needs improvement?
One of my previous clients was one of the big banks here in the Netherlands and the EU courts have stated that Microsoft Azure Key Vault is not, according to their perspective, secure due to the fact that Microsoft has access to Key Vault. If you cannot demonstrate that only you, as an organization, have access to your secrets, then you are not in control of your secrets. That is a concern.
Also, a big issue is the configuration. It could be that the people working on the solution, the system engineers, might lack knowledge and not incorporate all the best practices from Microsoft. The way they've implemented it might not be the way Microsoft envisioned it. It's always back to who's implementing what for you as a solution.
For how long have I used the solution?
We've been using Microsoft Azure Key Vault for two to three years.
What do I think about the stability of the solution?
It's robust. It's good.
What do I think about the scalability of the solution?
The scalability is very good. It's up to your imagination and how big you want to make your resilience and high availability and so on.
We have plans to increase our usage because we are going to launch new websites for specific regions. There will just be more resources needed.
How are customer service and support?
Microsoft has a support team that calls our security team every two weeks to discuss any topics and issues, and to talk about topics of the day or the week. It might be about resilience or expansion or features that are changing and new releases. It's good to have a meeting at least every two weeks that gives us the opportunity to speak to Microsoft account management.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was straightforward. It's already incorporated in Azure, so you can just use it. It took minutes to deploy.
What was our ROI?
The ROI is due to the fact the services keep on growing. It's better, it's more secure, and it grows. It's becoming a better product.
Which other solutions did I evaluate?
Our customer did not evaluate other products. They mostly want to do things native to Microsoft Azure, so that's their first port of call. And if Azure services cannot provide the functionality that they need, then they will go and look outside.
What other advice do I have?
Other service providers try to lower the prices, but it all depends on your development environment and your core skills. You are a bit more stuck if you are coding in .NET. If you go down that route, you can't easily move out to another service provider. Maybe you can go the route of adding a new team with a different service provider, but then you will need to mash it together. You would need to evaluate if that is a good option.
We have about 70 developers and they are in different teams. They interact with third parties and they have different roles, including front-end and back-end developers. Each one creates services for different websites for different regions, to sell e-vape cigarettes. And we have team leaders who use it as well. There's a security team of five people responsible for the infrastructure of Azure, including creating new resources or whatever is necessary for the dev teams. There are also operations management and product owners who make decisions on schedules, what will be built, and priorities.
Deployment and maintenance are part of the security engineers' work, to manage any issues. Sometimes the dev teams get involved with root cause analysis if something is going wrong with a web application. We have a team for certain maintenance tasks and requests.
The biggest lesson I've learned from using this solution is: "Stay secure."
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of Business Intelligence at a tech services company with 11-50 employees
Easy to use, stable, and it enable our clients to manage keys
Pros and Cons
- "The most valuable features are ease of use and enabling our clients to manage keys."
- "The initial setup could be less complex for first-time users."
What is our primary use case?
We use this product to manage our keys for storage, as well as the SQL server.
What is most valuable?
The most valuable features are ease of use and enabling our clients to manage keys.
What needs improvement?
The initial setup could be less complex for first-time users.
For how long have I used the solution?
We have been working with Microsoft Azure Key Vault for about a year.
What do I think about the stability of the solution?
This product has been very stable for us.
What do I think about the scalability of the solution?
Scalability does not apply to our use case. I can say that it works well for smaller organizations.
How are customer service and technical support?
Microsoft technical support has been very responsive and good.
Which solution did I use previously and why did I switch?
Prior to the Azure Key Vault, we used a third-party password value. We moved to satisfy our customer requirements.
How was the initial setup?
The first time we implemented this solution it was a little complex but as you use it, the process becomes easier. Installation specifics depend on each organization's needs.
The deployment, initially, was a couple of hours. After that, it took perhaps another hour to work through the setup and documentation.
What about the implementation team?
We have admins who are in charge of using the Key Vault.
What other advice do I have?
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Associate Consultant at VXXIV Corp
A high level of security ensures safety of resources
Pros and Cons
- "A high level of security."
- "Inability to access the solution on the phone."
What is our primary use case?
There are currently two people in my team using this solution. I'm an associate consultant.
What is most valuable?
This is a very user friendly solution and the security level is very high.
What needs improvement?
The solution could be improved by making it accessible to more people.
The most significant additional feature I'd like to see would be the ability to access the system on the phone via my Microsoft login and to be able to manage the desktop file folders that way. That's something I look forward to.
For how long have I used the solution?
I've been using this solution for six months.
What do I think about the stability of the solution?
It's a stable solution.
What do I think about the scalability of the solution?
It's a scalable solution.
How are customer service and technical support?
I'm satisfied with the technical support.
How was the initial setup?
The initial setup took less than 10 minutes.
What other advice do I have?
I recommend this solution and would rate it an eight out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Azure Key Vault Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Enterprise Password Managers Certificate Management Software Microsoft Security SuitePopular Comparisons
Microsoft Intune
Microsoft Entra ID
Microsoft Sentinel
Microsoft Defender for Cloud
CyberArk Privileged Access Manager
Azure Front Door
AWS Secrets Manager
HashiCorp Vault
Microsoft Purview Data Loss Prevention
Delinea Secret Server
Microsoft Entra ID Protection
Azure DDoS Protection
BeyondTrust Password Safe
LastPass
Buyer's Guide
Download our free Azure Key Vault Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which is better - Azure Key Vault or AWS Secrets Manager?
- What are some best practices to implement for secure employee password management?
- What advice do you have for an enterprise user on Password Day 2021?
- When evaluating Enterprise Password Managers, what aspect do you think is the most important to look for?
- What should one take into account when selecting an enterprise password manager?