Azure Key Vault

We are listening! Please take a few moments to submit your ideas or up-vote already submitted ideas by others. Azure Key Vault team regularly monitors and reviews all feedback submitted on this forum. You will be one of the first to know when a requested feature will be worked on! So be sure to vote or submit your ideas! Remember this site is for feature suggestions and ideas. For technical questions please try documentation, MSDN Forum or StackOverFlow

  1. Allow more than 24 characters for key vault name length

    Please allow more than 24 characters for key vault name length. Using a standard naming convention across Azure resources that includes the resource type, region, and landscape doesn't leave many characters for the key vault name. Web Apps also utilize globally unique DNS names and support up to 60 characters. Supporting up to 60 character names would make it easier for us to use our standardized naming convention.

    269 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  2. Secret Names do not support special characters

    In order for our organization to fully adopt Azure Key Vault for managing passwords and secrets we need to be able to support at a minimum allowing _ (underscrores) and other special characters in the naming convention as we have hundreds of names that contain underscores in them such as accounttest, accountprd, etc..

    Reading through the documentation online I can't find any technical reason as to why special characters aren't supported but this is a show stopper at this point for us until this is added/supported.

    193 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    33 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide a search text box in keyvault to search for a key

    Currently portal supports a way to see the keyvault and keys + secrets stored in it. However the secrets section does not provide a search text box to search for a particular secret. The portal just lists the first 10 secrets in the vault and shows a 'Load more' button.

    If a keyvault has hundreds of keys in it getting to the desired key takes several mouse clicks in most cases. Simple ask is to provide a search text box to search for the desired key.

    I understand I can use powershell to get the secret directly. But sometimes remembering…

    170 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    18 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. ARM Template for KeyVault to have AccessPolicies non-mandatory

    Hi,
    It would be better for idempotency and the ability to create Keyvault first, with additional incrementally run ARM templates to have AccessPolicies as non-mandatory.

    It is already possible to incrementally add AccessPolicies once you have a KeyVault, but it is not possible to create or update a Keyvault via ARM without specifying the AccessPolicies... which is a problem for update - you need to know all the existing AccessPolicies before you do the update or it will get reverted to whatever you specify.

    140 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    18 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support to TripleDES and DUKPT on KeyVault

    In Payment Industry, cryptographic keys that are used to encrypt PIN from credit/debit cards are TripleDES (sometimes with DUKPT) based. Currently, KeyVault only support RSA keys.

    Please add support to it.

    76 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    20 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  6. Export Certificate as PKCS12/PFX Does Not Provide Passphrase Encoding

    Export Certificate as PKCS12/PFX Does Not Provide Passphrase Encoding.

    According to PCKS #12 we should have a password to protect the private key that is exported with the cert. Currently the key vault gives you a warning during export/download that no password is used, however it doesn't provide the capability to provide a passphrase.

    Strangely enough the API Manager and other Azure Resources require imported certificates to have a passphrase. This makes the two services fairly incompatible.

    It would be good if Certificates exported from KeyVaults have the option to protect the private key with a passphrase as per PKCS…

    70 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  7. Cert deployment - Allow regions to be different for keyvault and VM

    today, VM and keyvault needs to be in same region. This causes lot of pain for services that have deployments in all Azure regions. We need to copy and rollover all same cert in all regions..

    62 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  8. Method for organising secrets in Key Vault (folders/sections)

    I'm using key vault as a central key/value configuration repository. I have a lot of configuration keys, so navigating the vault has become tricky.

    It would be really great if there was some form of cosmetic layer over the top, so that similar items could be grouped, to make navigation easier.

    60 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable CORS for Key Vault

    Either allow CORS for all Key Vaults, or allow it to be set on a per-Key Vault basis.

    52 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  10. Active Directory Certificate Service as external CA Provider

    Create an integration that allows the use of an existing on-prem or Azure VM Active Directory Certificate Services' CA to issue certificates.

    46 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  11. Create a Windows Key Storage Provider (KSP) that effectively allows usage of Azure Key Vault as a virtual hardware security module (HSM)

    If windows could use Azure Key Vault as a KSP, it would better secure the private keys of any certificates in Windows - effectively acting as a virtual hardware security module (HSM). I believe this would enable migration of workloads that require a HSM to Azure, and reduce cost for on-prem workloads that might otherwise require a HSM. It would also make it easier / more secure to setup a public key infrastructure (PKI) / certificate authority (CA) in Azure -- or even on-premises for that matter.

    44 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. ARM Template support for Certificates and Issuers

    Hi,

    Currently KeyVault only supports adding new secrets using ARM templates.

    Certificates are common part of any service today, just like secrets, and I would like to be able to create them in my vault using my ARM templates.

    Due to this limitation, currently my provisioning scripts are split to 3 parts(!):
    1. ARM Template for preparation (create the KV)
    2. Powershell to create the certificates inside the KV
    3. ARM Template for the remaining provisioning, that in some parts rely on getting the certificate private part (by accessing the "secret" entity on the KV)

    This doesn't make sense.

    At…

    43 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add EV Code Signing certificate support with Azure Pipeline.

    Permit EV code signing of Azure Pipeline builds from certs stored and even created in Key Vault. E.g. Key Valut/DigiCert/other integration to issue the cert.

    Then allow CI builds with no EV and EV for final builds. May need an optional 2FA approval mechanism for a final build 'job'. E.g. Authentication app prompt. But make it optional please.

    31 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add support for storage and retrieval of password protected certificates

    Currently all password protections applied on a certificate are stripped when they are uploaded and saved into Azure Key Vault. We would like to have the option of storing both the certificate and the password via the "az keyvault certificate import/download" set of cli commands with a toggleable optional argument to choose to preserve the transmission of the private key into and out of the keyvault along with the base certificate data together.

    29 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  15. Support storing certificates without private keys

    Right now keyvault doesn't allow storing a certificate WITHOUT the private key in the keyvault. This is useful for a number of use-cases, eg:


    • storing an internal CA public cert in the same place other internal certs are stored

    • Store the public cert for trusted clients, where the private key is only on the client

    The "workaround" right now is to store unsupported cert forms either in a storage account, or as secrets. Storage accounts aren't ideal b/c they are conceptually separate and are not audited in the same way; and don't support the same ability to browse or search…

    27 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow certificate versions to be deleted

    You can create new certificate versions, but you can only delete all versions at the same time, when deleting the certificate itself. If a new cert gets created that shouldn't have been, I can't delete it without deleting my other valid ones. That means that I have to always specify instance versions to retrieve instead of "latest", since I have no way to remove "latest" if it was mistakenly created.

    24 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add filtering and column sorting options to Keys, Secrets and Certificates

    Background:

    Is it just me, or is it really annoying that you can't write any filters or sort on columns in the Key Vault resource? We will have like 1500 keys when our projects reaches it's final stage, and the "Show more"-button is really not my best friend.

    Suggestion:

    Make the lists of Keys, Secrets and Certificates sortable on column name, and add a filter/search field to improve management when browsing the vault using Azure Portal.

    To find a Secret in a long list it requires you to scroll down, and press "Load more" which is not convinient at all.

    24 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  18. include functions as a trusted service in key vault firewall exceptions

    Include functions as a trusted service in key vault firewall exceptions. Why wouldn't you include all Azure services - unless we don't trust Azure PaaS anymore? ;-)

    23 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to up-vote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  19. Add support for PGP keys

    Many of our vendors require us to send them files via SFTP using their public encryption keys most of which are PGP keys. As we start to migrate our Managed File Transfer service to Azure we'd like to leverage storing these keys in Azure Key Vault

    22 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support for KMIP protocol

    KMIP is a standard protocol for interacting with vaults. It's supported by major vendors including NetApp. Keyvault should support this feature to allow centralized key management.

    20 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 8 9
  • Don't see your idea?

Feedback and Knowledge Base