Azure Key Vault

We are listening! Please take a few moments to submit your ideas or up-vote ideas already submitted by others. The Azure Key Vault team regularly monitors and reviews all feedback submitted on this forum. You will be one of the first to know when a requested feature will be worked on! So be sure to vote or submit your ideas! Remember this site is for feature suggestions and ideas. For technical questions please try the documentation, MSDN Forum or Stack Overflow.

  1. Private CA (Certificate Authority) certificate issuing capability

    Provide native Private CA (Certificate Authority) capability in Azure so that private certificates can be issued.

    AWS has this feature, why not Azure?
    https://aws.amazon.com/certificate-manager/private-certificate-authority/

    2 votes
    0 comments  ·  Certificates
  2. Multi-Region Key Vault

    Currently, Key Vault only supports one single region via collocation constraint, but there are use cases in which having a multi-region Key Vault is necessary, such as Encryption Scope.

    What I am suggesting is to implement a version of Key Vault which supports multiple regions instead of just one.

    1 vote
    0 comments  ·  Other
  3. enable support for LetsEncrypt with enrolment and renewal

    Currently, Azure Key Vault can request and manage the life cycle of Digicert certificates (at a rather high cost). Can similar functionality be implemented for Let's Encrypt?

    1 vote
    0 comments  ·  Certificates
  4. Is there a way to programmatically create a key vault?

    I need to be able to programmatically create a key vault in code (C#). But I don't see any documentation that will allow me to do that except for az.

    1 vote
    0 comments  ·  Other
  5. On Prem AKV

    Even with premium, AKV is placed in the Microsoft Datacenters. That is the main reason customers don't want to have both data and keys on the same cloud or with the provider, which is Microsoft.
    This is a much bigger problem in the EU.

    Why can't Microsoft create AKV as a device which customers can buy and put in their own data center? Add it as a registered device in Azure subscription, and then it provides the same interface and API.

    2 votes
    0 comments  ·  Other
  6. Setting the Secret expiration date in UTC date format instead of in seconds

    It would be nice to have the ability to specify the secret expiration date in UTC format instead of in seconds since 1970. I know we can set it in the UTC format using PowerShell, but it would be nice to have this option in the ARM template as well.

    4 votes
    0 comments  ·  Managing application secrets
  7. Add ability to store any arbitrary string in Key Vault

    At the moment you can only add certificates, but there are many instances where you may want to set up arbitrary pieces of 'secret' text like a password, connection string or other configuration information that can be retrieved securely from somewhere.

    I would like to suggest this ability is added to Key Vault (I believe AWS has something similar called AWS Parameter Store).

    1 vote
    0 comments  ·  Managing application secrets
  8. Allow Recover or Purge Soft Deleted Azure Key Vaults in Azure Portal

    Hi Azure team,

    We hope that you could add a feature in the Azure portal where we can recover or purge the soft deleted Azure secret value. Right now it is kind of a hassle to use the CLI in the cloud PowerShell just to remove or recover a specific soft deleted Azure secret value. This will be a big help!

    2 votes
    started  ·  1 comment  ·  Other
  9. Add namespaces to key name

    We are planning to use Azure key vault to maintain DB passwords used by microservices. As per standards, in Java Spring, the property name for DB password is "spring.datasource.password". We can store only one value with key corresponding to "spring.datasource.password" in an Azure vault. There might be 100s of microservices and maintaining each microservice with a key vault will be difficult.
    Here's the issue from our customer: https://github.com/microsoft/azure-spring-boot/issues/763

    Hashicorp vault solves this issue with namespaces: https://learn.hashicorp.com/vault/operations/namespaces

    2 votes
    0 comments  ·  Managing application secrets
  10. Not require "Key Vault contributor" role for devops app user

    For Azure DevOps to access a Key Vault during deployment there is a process to create a custom role and assign it to the key vault: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter?tabs=azure-powershell#grant-access-to-the-secrets

    We discovered that it is also necessary to assign the Azure Key Vault Contributor role to the devops app-user as well, which gives it more permissions than required. This has been verified with MS support.

    Please change so that deployment user only needs a read-only role to access the Vault during deployment.

    1 vote
    0 comments  ·  Managing application secrets
  11. Add ability to add RBAC role or Action Group as Azure Key Vault certificate contact

    Would be awesome if you could add the ability to set either / both RBAC roles or Action Groups as Azure Key Vault certificate contacts.

    This would be very nice to have especially for automation using Lighthouse for authentication, as Lighthouse alone can't be used to read Azure AD to get email addresses.

    1 vote
    0 comments  ·  Certificates
  12. Enable the exposure of User Details of External (Guest) users to Azure Keyvault.

    At present, reporting on access to secrets stored in keyvaults is only easily deployable for users that are members of the underlying AD tenant. For invited users the logs only record the object ID and not the username, meaning that in order to generate reports on secret access, additional scripting is required within the code to perform a lookup to gain the details that are already in the Tenant AD and populate a variable to be used. As the information is already in Azure AD it would be more elegant for this heavy lifting to be done by the…

    2 votes
    0 comments
  13. Configure key vault managed storage accounts via ARM template

    This link describes configuring Key Vault managed storage accounts with PowerShell.
    https://docs.microsoft.com/en-us/azure/key-vault/secrets/overview-storage-keys-powershell

    If we could do the same in an ARM template, it would reduce deployment complexity and allow us to leverage the functionality in air-gapped environments.

    9 votes
    0 comments  ·  Other
  14. 1 vote
    0 comments  ·  Custom applications
  15. Support Azure Key Vault Reference for Application Insights in Portal

    https://github.com/MicrosoftDocs/azure-docs/issues/40988

    When a key vault reference is configured for 'APPINSIGHTS_INSTRUMENTATIONKEY' in an Azure function app's application settings and you then open the function's monitor blade, the portal throws an error that says 'App Insights instrumentation key in present in app settings but App Insights is not found in the function app's subscription.'

    BUT we do receive telemetry in application insights.

    1 vote
    0 comments  ·  Encryption at rest
  16. Offer Logic App as a choice in the Event Endpoint dropdown

    When you are creating a new Event Subscription you should be able to choose Logic App as a possible option for the Event Handler / Endpoint Type.

    3 votes
    0 comments  ·  Other
  17. Enable compound identity access using az cli

    Per https://github.com/MicrosoftDocs/azure-docs/issues/49362 - currently az cli does not allow setting compound identity access to a keyvault.

    2 votes
    0 comments  ·  Other
  18. Support requesting for multiple secret values in the same API call

    We request various secret values while initializing our service. The way we do it now is that we issue separate HTTP requests for each using the .NET SDK (GetSecretAsync). Ideally we should be able to request for multiple secrets using the same request.

    3 votes
    0 comments  ·  Managing application secrets
  19. Support (encrypted) files in Key Vault

    It would be great if Key Vault had support for (encrypted) files. Sometimes we need to share settings files, properties etc. between members of our distributed team and end up using Key Vault secrets and pasting the file contents into the "secret value" field, but that messes with the formatting and makes the download harder.
    It would be great if we could upload the file in its entirety to Key Vault and then let users download it.

    4 votes
    0 comments  ·  Custom applications
  20. Allow "Microsoft.KeyVault/vaults/accessPolicies/write" permission to work without having to also assign "Microsoft.KeyVault/vaults/write"

    At present "Microsoft.KeyVault/vaults/accessPolicies/write" is insufficient to block or enable a user for modifying the access policy of the key vault.

    To block or enable access policy modification you have to add "Microsoft.KeyVault/vaults/write" as well. This means that we cannot properly apply least privilege to users who we just want to block or allow to modify access policies only.

    2 votes
    0 comments  ·  Other