Azure Key Vault

We are listening! Please take a few moments to submit your ideas or up-vote already submitted ideas by others. Azure Key Vault team regularly monitors and reviews all feedback submitted on this forum. You will be one of the first to know when a requested feature will be worked on! So be sure to vote or submit your ideas! Remember this site is for feature suggestions and ideas. For technical questions please try documentation, MSDN Forum or StackOverFlow

Do you have an idea or a suggestion for Azure Key Vault based on your experience?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Per-secret/key/certificate access control

    Currently it's an all or nothing model. To grant a user account or app id access to one secret, you have to grant it access to the entire vault (as far as I can tell). This eliminates the possibility of least privilege access to secrets. In this model, the only way to create security boundaries for individual secrets is to create additional key vaults, which could get out of control fast if we need one key vault per application per environment. A better model would be to have independent access controls on both the vault and the individual secrets.

    For…

    212 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  18 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  2. Secret Names do not support special characters

    In order for our organization to fully adopt Azure Key Vault for managing passwords and secrets we need to be able to support at a minimum allowing _ (underscrores) and other special characters in the naming convention as we have hundreds of names that contain underscores in them such as account_test, account_prd, etc..

    Reading through the documentation online I can't find any technical reason as to why special characters aren't supported but this is a show stopper at this point for us until this is added/supported.

    66 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide the ability to create multiple lines' secret(SSH private key) in azure portal

    When I generate a manual type secret, it's impossible to save the multiple lines' secret(SSH private key) value, in fact, I think the input box should take text area as an option.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  4. Full Backup and Restore

    Currently, you can only back up each secret one at a time. I would like the ability to back all the secrets up and obviously, store them in an encrypted storage account or vault.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add filtering and column sorting options to Keys, Secrets and Certificates

    Background:

    Is it just me, or is it really annoying that you can't write any filters or sort on columns in the Key Vault resource? We will have like 1500 keys when our projects reaches it's final stage, and the "Show more"-button is really not my best friend.

    Suggestion:

    Make the lists of Keys, Secrets and Certificates sortable on column name, and add a filter/search field to improve management when browsing the vault using Azure Portal.

    To find a Secret in a long list it requires you to scroll down, and press "Load more" which is not convinient at all.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  6. Portal experience for 'On-Boarding' a Storage Account Key / SAS Rotation

    Portal experience for creating a Key Vault Managed Storage Account and/or for 'On-Boarding' a Storage Account into being managed by a given Key Vault Key

    This is possible with PowerShell and AzureCLI (as described here: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-storage-key) but there is not portal experience for doing this.

    Originally mentioned in this Github Issue:
    https://github.com/MicrosoftDocs/azure-docs/issues/10555

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add support for PGP keys

    Many of our vendors require us to send them files via SFTP using their public encryption keys most of which are PGP keys. As we start to migrate our Managed File Transfer service to Azure we'd like to leverage storing these keys in Azure Key Vault

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  8. Events when key or secrets are changed or updated in key vault

    It’s important to know if keys / Secrets are updated in key vault so that necessary actions with consuming application can be taken when this occurs...

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  9. manage permissions on an entry level

    We are creating a solution where multiple services (backend servers from different departments, ...), will use key vault to retreive their access keys. It would be great to be able to give a backend service access to only the relevant entry (e.g. only to secret1 and certificate2).
    The problem is, that a user that has access (to secrets for example), automatically has access to all secrets.

    In other words: Add access policies to secrets, keys and certificates

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow secret versions to be deleted

    You can create multiple versions for a given secret, however the api only allows a delete to be performed at the secret level and not for an individual version.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  11. Secure export options and access to KeyVault secrets from login screens

    Would be great to have following options in Key Vault – structured security permissions for all cryptographic resources. Possibility to deliver KeyVault secrets to users in secure way – direct export to encrypted archive + password, without use of system clipboard. One more option – direct access to KeyVault secret from mstsc or Windows Hello login screen, without copying of the sensitive information via system clipboard. Together with MFA security option KeyVault secret assigned to appropriate user can work as primary or backup login option.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  12. Provide the ability to insert multiple secrets via JSON dictionary or similar method via command line

    Today, secrets are able to be added manually and via file, which from my knowledge only accepts one key value pair for the secret. It would be nice to have the ability to insert multiple secrets at once.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  13. I facing issue while settng / getting secret keys using Key Voult API. I am getting 501 response from these API's

    I facing issue while settng / getting secret keys using Key Voult API. I am getting 501 response from these API's

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  14. Don't show Key Vault secrete values in the Azure Portal

    Today when secrets are added to Key Vault, the value of secret is visible in Azure Portal (initially secrets are masked out, but clicking on secret allows to see its value secret).

    There should be an option NOT to see secret's value once it’s added to the vault.

    This way if Azure Portal is compromised, secretes are still secure.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  15. Manually add (or re-add) App Service Key to Key Vault?

    Is there a way that I can re-add my App Service Certificate to my Key Vault?
    The reason I'm asking is that I accidentally deleted the certificate from the Key Vault. The App Service Certificate resource is still there, but the certificate no longer shows up in my Key Vault (obviously).

    https://stackoverflow.com/questions/53202773/azure-manually-add-app-service-certificate-to-key-vault

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  16. Rotate secrets when they are uploaded in bulk to vault

    As a compliance activity we remove secrets (app secrets, connection strings, etc) from code and upload them to Azure Key Vault. That provides an opportunity to roll them and have fresh secrets at the moment they are put into the vault.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  17. Key vault document is really messy

    The current key vault document is really messy, it's really hard to know the whole e2e workflow to setup a keyvault for a web app.
    For example, where to get the client id and client password, how to connect the key vault with application, why there are so many old portal screenshots, why so many powershell scripts if we can just click some button via portal

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add deployment slots

    Configuration secrets such as connection strings will change from one deployment slot to another. Adding the deployment slot concept to Key Vault would eliminate the need to hack that concept into the secret names and the code used to retrieve the secrets.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base