Azure Key Vault

We are listening! Please take a few moments to submit your ideas or up-vote already submitted ideas by others. Azure Key Vault team regularly monitors and reviews all feedback submitted on this forum. You will be one of the first to know when a requested feature will be worked on! So be sure to vote or submit your ideas! Remember this site is for feature suggestions and ideas. For technical questions please try documentation, MSDN Forum or StackOverFlow

  1. download a vault credential without login to Azure portal

    My coworker sometimes set up Azure Agent Backup, though he does not have azure portal login accont.
    So when he set up Azure Agent Backup, I need to download the vault credential and pass it to him every time.
    Because of this, my coworker cannot set up Azure Agent Backup when I cannot pass him a vault credential.
    So I want to download a vault credential without login to Azure portal.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  2. [Azure Key Vault] Microsoft.Azure.KeyVault library should provide a *default* retry policy

    Microsoft.Azure.KeyVault library should provide a default retry policy, which consider the Key Vault SLAs and operational capabilities (e.g. failover).

    Just like the Azure Storage Client library.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Key vault key upload fails because the password cannot be set

    I've seen in documentation that the key upload for the key vault has a password input for keys that are password protected. However, when I try to upload a key using the UI, this input box is not shown. Tried in Edge and Chrome, latest.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Provide a search text box in keyvault to search for a key

    Currently portal supports a way to see the keyvault and keys + secrets stored in it. However the secrets section does not provide a search text box to search for a particular secret. The portal just lists the first 10 secrets in the vault and shows a 'Load more' button.

    If a keyvault has hundreds of keys in it getting to the desired key takes several mouse clicks in most cases. Simple ask is to provide a search text box to search for the desired key.

    I understand I can use powershell to get the secret directly. But sometimes remembering…

    85 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Key Vault creation fails in CSP subscription

    Using google chrome version 54.0.2840.99 m (64-bit) and portal.azure.com

    When creating a new Key Vault inside an CSP subscription the following Error occurs:
    see attached screenshot

    My logged in user (example.adminuserr1) is member of the parent CSP AzureAD Tenants' (@csp.onmicrosoft.com) group "AdminAgents". I am working inside a subscription attatched to an customer AzureAD Tenant (@customer.onmicrosoft.com) created through PartnerCenter CSP Dashboard.

    I can replicate this error with other Accounts in the "AdminAgents" group located in the parent CSP AzureAD Tenant (example.user2@csp.onmicrosoft.com).

    I can create the keyvault with an user from the customer AzureAD Tenant (example.user@customer.onmicrosoft.com) without issues.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Key Vault - Allow using AD Groups (RBAC) on Keys and Secret level

    I am an infrastructure admin, and i would like to use a single keyvault where i can maintain secrets and keys and use RBAC to allow users, Groups, Service Principals to insure they only have access to what they need. this would simplify my administration of this service, perhaps adding folders/group tags to secrets within the keyvault and setting permissions based on those would also be an option

    65 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  7 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow a key vault access policy to be restricted to a certain key

    If a company has a single KeyVault which holds dev and production keys, as long as you access the keyvault through a valid access policy and key can be used (for the usages mentioned in the access policy).

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  8. Ensure Key Vault Access Policies publish Group name to displayname when delegated

    currently when delegating permissions to secrets and keys to groups the group name is not published into the "displayname" attribute of the vault key. only the object ID exists. nightmare for role segregation mgmt.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  9. Key Vault Secret Backup / Restore Role

    You can currently backup / restore keys from Keyvault. it would be helpful to be able to provide backup/ restore functionality and roles for Secrets.
    the current design assumption is these would also be stored within an on-prem password vault or documentation or equivalent. however operational best practice varies across companies as such a catch all should allow the backup and restore of secrets as you can with KEYS.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  10. Provide integration to push values from Portal to KeyVault

    While there are other posts about being able to manage KeyVault content from the Portal (which is needed, in fact), there should also be integration to do direct-push to KeyVault. In particular, Storage Keys would be the first item (click on button, select existing vault or new vault, select key name or new key name.) Same should extend to SQL Azure Connection Strings, Service Bus Connection Strings, etc.

    Use the current user's AAD to set the permission just as if they were using PowerShell and had typed "Login-AzureRmAccount". They're already staring at the value (in the case of Storage Keys.)…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add support for certificate request from Azure Key vault

    Add support to create certificate requests from Azure Key Vault.
    This would enable PDF signing in the cloud. And would open many possibilities for cloud based e-ID solutions.

    Adobe pdf signing certificates have requirements for hsm, smart card or equivalent secure storage so being able to have this in the Azure Key vault would be very useful.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  12. Have better integration of Azure Key Vault and Crypteron

    Crypteron offers great SDK to offer easy encryption for Azure SQL and Azure Blob storage. However, the API keys are not accessible through Azure Key Vault for great level of security. Please work with Crypteron on better integration of their SDK offerings with use with KeyVault services.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. 20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support to TripleDES and DUKPT on KeyVault

    In Payment Industry, cryptographic keys that are used to encrypt PIN from credit/debit cards are TripleDES (sometimes with DUKPT) based. Currently, KeyVault only support RSA keys.

    Please add support to it.

    72 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    18 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
1 2 3 4 5 7 Next →
  • Don't see your idea?

Feedback and Knowledge Base