Azure Key Vault

We are listening! Please take a few moments to submit your ideas or up-vote already submitted ideas by others. Azure Key Vault team regularly monitors and reviews all feedback submitted on this forum. You will be one of the first to know when a requested feature will be worked on! So be sure to vote or submit your ideas! Remember this site is for feature suggestions and ideas. For technical questions please try documentation, MSDN Forum or StackOverFlow

Do you have an idea or a suggestion for Azure Key Vault based on your experience?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Allow access to the public part of KEYS in KeyVault from ARM templates

    It would be very useful to be able to generate a key and then get the public portion to pass to the appSettings for another App.

    This is needed for secure deployments where some apps may be in different security 'zones' where they cannot have access to a shared key-vault.

    Generating a key would be useful, especially if we could request that one be generated only if it does not already exist.

    At the very least having access to the public portion of the key in the same way we have access to a secret would be very helpful:

    "publicJsonKey"…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add support for STORING the Storage Account Key in addition to rotating it.

    Add support for STORING the Storage Account Key in addition to rotating it. Rotating the key is only part of the issue for us, the other half is making it available to application teams in a manner that doesn't require us to give them direct access to each and every storage account at the azure resource level. We prefer to give the team a key vault and store the keys in the kv, which makes it simple for the application team to reference it. When it is updated, we update the kv and that's that.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  3. Rename-AzureKeyVaultCertificate

    Could we please be allowed to Restore into a new name or get a Rename-AzureKeyVaultCertificate?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  4. I had come across scenario wherein AZURE Key vault doesn’t clear entries of User/application in the “Access policies”, when we delete respec

    I had come across scenario wherein AZURE Key vault doesn’t clear entries of User/application in the “Access policies”, when we delete respective object in Azure AD. I’m wondering, if this require manual way of clearing all stale reference in AKV access polices on regular basis? if that is the case, can we include this feature with upcoming release so that customer needn’t to worry about manually cleanup?

    Please refer attached screenshot which has multiple stale reference part of Access polices, even though actual object were deleted from Azure AD tenant.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  5. when remove blue print, please also remove policies it created

    We found that the policies we had created using blueprint were not cleared out when we removed the blueprint. We had to manually remove the policy from policies.

    We should automatically remove those blueprint created policies when delete a blueprint.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  6. allowing special characters in vault name

    Is it possible to allow special characters in vault names, such as "QaKeyVault.CompanyName" ?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  7. function on consumption plan can be added "trusted services azure service" key vault behind firewall

    would like to keep Azure key vault secure, at the same time that the Azure function on consumption plan can access the Key vault.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  8. Arm template to get the reference of Azure Search admin and query keys

    I wanted to add Azure Search admin and query keys as a secret to key vault using ARM template. Is there a way to do it?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  9. KeyVault's secrets improved usability with a Portal

    Adding secret with aplain text (not hashed like now).
    Easier getting secret value like icon on secrets list

    Currently you have to expose secret trying to get it value with a portal and it's secured / hashed when you try to add/change it

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  10. Semicolon bug in Microsoft.Azure.Services.AppAuthentication

    Hi

    I have found a bug in Microsoft.Azure.Services.AppAuthentication package.

    When a {ClientSecret} is generated with a semicolon eg. )}/}I;:}=&GG8U{Zt;4+[Jd{
    you can reproduce the bug.

    I wanted to use AzureServiceTokenProvider to obtain token for keyvault as mentioned in article --

    https://docs.microsoft.com/en-us/azure/key-vault/service-to-service-authentication#running-the-application-using-managed-identity

    Running the application using a Service Principal

    To sign in using an Azure AD shared secret credential:

    RunAs=App;AppId={AppId};TenantId={TenantId};AppKey={ClientSecret}

    When the {ClientSecret} is generated without any semicolon, this approach works well.

    Request you to please fix the issue.

    Regards
    Sekhar Shrivastava

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →

    This is fixed in the preview in the following preview…please try it out and let us know if you have any feedback

    nuget.org/packages/Microsoft.Azure.Services..
    Release Notes
    Documentation can be found at go.microsoft.com/fwlink/p/?linkid=862452.

    Improvements for local development token request times
    Support for CancellationTokens
    Support for specifying user-assigned identity in SQL connection string with SqlAppAuthenticationProvider
    Adding retry logic for MsiAccessTokenProvider
    Removing TenantId as required connection string parameter when using KeyVaultCertificateSecretIdentifier parameter
    Adding quote escaping for connection string parameter values
    Other minor fixes and test updates

  11. Key upload to vault from centos machine

    I need to upload public keys present in my centos machine to azure vault using azure cli .I used az keyvault key import --vault-name 'ContosoKeyVault' --name 'ContosoFirstKey' --pem-file 'path of the key' --pem-password 'Pa$$w0rd' --protection software this command . But i am not able to do this.Can anyone suggest me a solution.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  12. Manually add (or re-add) App Service Key to Key Vault?

    Is there a way that I can re-add my App Service Certificate to my Key Vault?
    The reason I'm asking is that I accidentally deleted the certificate from the Key Vault. The App Service Certificate resource is still there, but the certificate no longer shows up in my Key Vault (obviously).

    https://stackoverflow.com/questions/53202773/azure-manually-add-app-service-certificate-to-key-vault

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  13. Rotate secrets when they are uploaded in bulk to vault

    As a compliance activity we remove secrets (app secrets, connection strings, etc) from code and upload them to Azure Key Vault. That provides an opportunity to roll them and have fresh secrets at the moment they are put into the vault.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow certificate upload from Azure Storage

    Currently, the only way to upload a certificate to a Key Vault is to have the file stored locally on the computer that is doing the upload.
    Having the possibility to upload the cert from a Blob would be ideal, as that would mean our certificates could be safely hosted being encrypted Azure Storage, and retrieved with a SAS and directly uploaded to Azure Key Vault without needing to download it locally, and then upload it.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  15. Microsoft should be using standards based key exchanges

    Microsoft should not be calling out a specific vendor and have them be a requirement. Instead, they should offer a standards based solution that allows the customer to use their existing HSM. Thales might not be the right choice for every enterprise.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  16. Azure taught students how to defame my reputation and how to spend my money Edge is downloaded and running Apache My name is Lyda G Bonds

    Azure taught a wonderful team called the 403b and the 401k team and now I am being controlled by them Great Job! What happened to your ethics as a company?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  17. BYOK for Gemalto Luna

    How can I BYOK to Azure from Gemalto Luna SA?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  18. excellent

    know better the security of rotation of applicable keys and passwords , with HSMs

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Encryption at rest  ·  Flag idea as inappropriate…  ·  Admin →
  19. Key vault document is really messy

    The current key vault document is really messy, it's really hard to know the whole e2e workflow to setup a keyvault for a web app.
    For example, where to get the client id and client password, how to connect the key vault with application, why there are so many old portal screenshots, why so many powershell scripts if we can just click some button via portal

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  20. Should we have two methods for fetching secrets from Key Vault? GetSecretsAsync | GetSecretsNextAsync

    I am using Key Vault Client Library to pull all secrets from Key Vault. I used GetSecretsAsync(maxresults: 25). It yields pagination link to iterate on next set of secrets.

    But I could not browse Key Vault using same GetSecretsAsync(vaultUri: NextPageLink), it did not work.

    After hours of browsing, I found source samples from Key Vault itself which is almost buried in that page. It says we need to use GetSecretsNextAsync().

    On my understanding, we can have same method GetSecretsAsync() for iterating thru secrets rather than a couple of methods.

    For documentation, is it possible to have sample code snippets in…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Custom applications  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base