Azure Key Vault

We are listening! Please take a few moments to submit your ideas or up-vote already submitted ideas by others. Azure Key Vault team regularly monitors and reviews all feedback submitted on this forum. You will be one of the first to know when a requested feature will be worked on! So be sure to vote or submit your ideas! Remember this site is for feature suggestions and ideas. For technical questions please try documentation, MSDN Forum or StackOverFlow

  1. Key Vault - Allow using AD Groups (RBAC) on Keys and Secret level

    I am an infrastructure admin, and i would like to use a single keyvault where i can maintain secrets and keys and use RBAC to allow users, Groups, Service Principals to insure they only have access to what they need. this would simplify my administration of this service, perhaps adding folders/group tags to secrets within the keyvault and setting permissions based on those would also be an option

    61 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  7 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow a key vault access policy to be restricted to a certain key

    If a company has a single KeyVault which holds dev and production keys, as long as you access the keyvault through a valid access policy and key can be used (for the usages mentioned in the access policy).

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ensure Key Vault Access Policies publish Group name to displayname when delegated

    currently when delegating permissions to secrets and keys to groups the group name is not published into the "displayname" attribute of the vault key. only the object ID exists. nightmare for role segregation mgmt.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  4. Key Vault Secret Backup / Restore Role

    You can currently backup / restore keys from Keyvault. it would be helpful to be able to provide backup/ restore functionality and roles for Secrets.
    the current design assumption is these would also be stored within an on-prem password vault or documentation or equivalent. however operational best practice varies across companies as such a catch all should allow the backup and restore of secrets as you can with KEYS.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide integration to push values from Portal to KeyVault

    While there are other posts about being able to manage KeyVault content from the Portal (which is needed, in fact), there should also be integration to do direct-push to KeyVault. In particular, Storage Keys would be the first item (click on button, select existing vault or new vault, select key name or new key name.) Same should extend to SQL Azure Connection Strings, Service Bus Connection Strings, etc.

    Use the current user's AAD to set the permission just as if they were using PowerShell and had typed "Login-AzureRmAccount". They're already staring at the value (in the case of Storage Keys.)…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add support for certificate request from Azure Key vault

    Add support to create certificate requests from Azure Key Vault.
    This would enable PDF signing in the cloud. And would open many possibilities for cloud based e-ID solutions.

    Adobe pdf signing certificates have requirements for hsm, smart card or equivalent secure storage so being able to have this in the Azure Key vault would be very useful.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  7. Have better integration of Azure Key Vault and Crypteron

    Crypteron offers great SDK to offer easy encryption for Azure SQL and Azure Blob storage. However, the API keys are not accessible through Azure Key Vault for great level of security. Please work with Crypteron on better integration of their SDK offerings with use with KeyVault services.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. 18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  9. Support to TripleDES and DUKPT on KeyVault

    In Payment Industry, cryptographic keys that are used to encrypt PIN from credit/debit cards are TripleDES (sometimes with DUKPT) based. Currently, KeyVault only support RSA keys.

    Please add support to it.

    72 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
1 2 3 4 5 7 Next →
  • Don't see your idea?

Feedback and Knowledge Base