Azure Key Vault

We are listening! Please take a few moments to submit your ideas or up-vote ideas already submitted by others. The Azure Key Vault team regularly monitors and reviews all feedback submitted on this forum. You will be one of the first to know when a requested feature will be worked on! So be sure to vote or submit your ideas! Remember this site is for feature suggestions and ideas. For technical questions, please try the documentation, MSDN Forum or Stack Overflow.

  1. Extend KeyVault Certificates functionality to allow for use as an Enterprise CA.

    Extend the functionality of Key Vault Certificates to allow for use as an Enterprise CA with functionality similar to Active Directory Certificate Services.

    New service should integrate with the virtual network.
    Should support the use of modern crypto and hashing.
    Should support ECDSA keys.
    Should support root CA key being in an HSM.
    Should auto configure an OCSP endpoint.
    Should warn against use of legacy crypto.
    Should allow for cross-subscription connecting (need to connect my dev\test key vault to my enterprise keyvault CA).
    Should integrate with KeyVault Policies to allow for RBAC.

    Post Setup: Allow export of GPO for…

    12 votes

    0 comments  ·  Certificates
  2. Ability to sign cert with another self-signed cert

    It would be nice to create a root cert and store it in the keyvault. Then, create other self signed certs that are signed by the root cert. This would allow me to create a single CA for my cluster, then create certs for the various microservices in the cluster so they could communicate securely. I would simply need to install the root cert on all the machines.

    11 votes

    3 comments  ·  Certificates
  3. Show keys/secrets paths next to certificates path

    In the key vault portal, when you view a certificate, the top URL is the "Certificate Identifier". If you specify this in Express V2 deployment, it will only contain the public key. If you need the cert with private key, you have to go to the bottom of the page and look for the "Secret Identifier" URL and use that instead. IMO, the "Key Identifier", "Secret Identifier" and "Certificate Identifier" URLs should all be at the top of the certificate version page, and they should have some help text to indicate the difference.

    3 votes

    0 comments  ·  Certificates
  4. Add Support for Future/Scheduled Certificate Versions

    I would like the ability to create a new certificate version in advance while continuing to use the current version for some time. In my scenario, I have a server application that issues digital signatures that IoT devices in the field need to verify, and the devices need the application’s public-key-containing certificate to perform this operation.

    Currently, when I renew the server application’s certificate, I must distribute it to all devices at that point in a “big bang” fashion. (To be precise, the devices detect that the certificate thumbprint sent with the signatures has changed, and they get the new…

    6 votes

    1 comment  ·  Certificates
  5. I had come across scenario wherein AZURE Key vault doesn’t clear entries of User/application in the “Access policies”, when we delete respec

    I had come across a scenario wherein Azure Key Vault doesn’t clear entries of a user/application in the “Access policies” when we delete the respective object in Azure AD. I’m wondering if this requires a manual way of clearing all stale references in AKV access policies on a regular basis? If that is the case, can we include this feature in an upcoming release so that customers needn’t worry about manual cleanup?

    Please refer to the attached screenshot, which has multiple stale references as part of the access policies, even though the actual objects were deleted from the Azure AD tenant.

    1 vote

    1 comment  ·  Certificates
  6. Support certificate revocation

    Key Vault supports obtaining certificates from a number of CAs and this works great.

    However, Key Vault does not currently provide an interface to revoke such certificates, leaving a gap in certificate lifecycle management.

    Please extend integration between Key Vault and supported CAs to support revocation in addition to issuance.

    17 votes

    0 comments  ·  Certificates
  7. CDN - SSL - Incorrect version selected on dropdown

    CDN Profiles -> Custom Domain -> HTTPS -> Own certificate, once the KeyVault Certificate/Secret Version dropdown is loaded, it seems to always select the first item (current version) even though it is an older version that's currently deployed.

    In order to actually deploy the current version, the user will need to first select an older version and then re-select the current version because the save button is disabled by default.

    1 vote

    0 comments  ·  Certificates
  8. Allow self-signed certificates to have a custom-set password

    Currently, self-signed certs created in the portal do not have a way to allow passwords to be set. This causes a problem when the PFX is needed to be uploaded to other Azure services, as they require passwords. Please allow a way for a password to be set on any self-signed certificate created in the Azure Key Vault portal.

    13 votes

    1 comment  ·  Certificates
  9. Cert deployment - Allow regions to be different for keyvault and VM

    Today, the VM and key vault need to be in the same region. This causes a lot of pain for services that have deployments in all Azure regions. We need to copy and roll over the same cert in all regions.

    61 votes

    1 comment  ·  Certificates
  10. Add support for storage and retrieval of password protected certificates

    Currently all password protections applied on a certificate are stripped when they are uploaded and saved into Azure Key Vault. We would like to have the option of storing both the certificate and the password via the "az keyvault certificate import/download" set of cli commands with a toggleable optional argument to choose to preserve the transmission of the private key into and out of the keyvault along with the base certificate data together.

    29 votes

    4 comments  ·  Certificates
  11. Enable customer to request duplicate certificate from Azure Key Vault

    Right now, customers use DigiCert’s management portal to request duplicate certificates: https://www.digicert.com/ssl-support/wildcard-san-names.htm#sanshelpme.

    It would be nice if Azure Key Vault could help customers manage and auto update certificates to reduce manual work.

    7 votes

    0 comments  ·  Certificates
  12. Add download of SSL certificates from key vault

    Provide ability to download an SSL certificate from the key vault for use in other services (e.g. Azure API Management which only accepts uploaded certs).

    3 votes

    1 comment  ·  Certificates
  13. Add support for certificate request from Azure Key vault

    Add support to create certificate requests from Azure Key Vault.
    This would enable PDF signing in the cloud, and would open many possibilities for cloud-based e-ID solutions.

    Adobe PDF signing certificates have requirements for HSM, smart card or equivalent secure storage, so being able to have this in Azure Key Vault would be very useful.

    6 votes

    2 comments  ·  Certificates
  14. Allow certificate upload from Azure Storage

    Currently, the only way to upload a certificate to a Key Vault is to have the file stored locally on the computer that is doing the upload.
    Having the possibility to upload the cert from a Blob would be ideal, as that would mean our certificates could be safely hosted in encrypted Azure Storage, retrieved with a SAS and directly uploaded to Azure Key Vault without needing to download them locally and then upload them.

    1 vote

    0 comments  ·  Certificates
  15. Support multiple lifetime actions for certificate policies

    Currently you can specify only one lifetime action in a certificate policy. Most of the time I want an automatic rollover but I also want to know that this happened because I need to take some additional actions.

    1 vote

    1 comment  ·  Certificates