Azure Key Vault

We are listening! Please take a few moments to submit your ideas or up-vote already submitted ideas by others. Azure Key Vault team regularly monitors and reviews all feedback submitted on this forum. You will be one of the first to know when a requested feature will be worked on! So be sure to vote or submit your ideas! Remember this site is for feature suggestions and ideas. For technical questions please try documentation, MSDN Forum or StackOverFlow

  1. nCipher Security has only one product, general purpose HSM

    LOL, this happen if somebody is not doing his work properly and only rename vendor.
    nCipher Security has only general purpose HSM and has no activities in NATO or with payment solution. The text is about Thales company.

    nCipher Security is a leading global provider of data encryption and cyber security solutions to the financial services, high technology, manufacturing, government, and technology sectors. With a 40-year track record of protecting corporate and government information, nCipher Security cryptographic solutions are used by four of the five largest energy and aerospace companies. Their solutions are also used by 22 NATO countries/regions, and…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  2. Secure export options and access to KeyVault secrets from login screens

    Would be great to have following options in Key Vault – structured security permissions for all cryptographic resources. Possibility to deliver KeyVault secrets to users in secure way – direct export to encrypted archive + password, without use of system clipboard. One more option – direct access to KeyVault secret from mstsc or Windows Hello login screen, without copying of the sensitive information via system clipboard. Together with MFA security option KeyVault secret assigned to appropriate user can work as primary or backup login option.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  3. Does Azure support AES (symmetric) keys? We have tried to use CreateKe, ImportKey with kty=oct to support AES without success.

    We think Azure key vaults do not support AES (Advanced Encryption Standard, symmetric) keys. We have been trying to use these two APIs: https://docs.microsoft.com/en-us/rest/api/keyvault/importkey/importkey
    and https://docs.microsoft.com/en-us/rest/api/keyvault/createkey/createkey
    to upload AES 256 keys to Azure key vaults or to create AES 256 keys in the Azure key vaults. We assigned kty=oct and they all failed with the error message:
    {
    "error": {
    "code": "BadParameter",
    "message": "Invalid kty value: oct",
    "innererror": {
    "code": "KeyTypeNotSupported"
    }
    }
    }

    It clearly says the key type (kty=oct) is not supported. However, the Azure documentation indicates it should be supported. Could anyone confirm whether Azure supports the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. I facing issue while settng / getting secret keys using Key Voult API. I am getting 501 response from these API's

    I facing issue while settng / getting secret keys using Key Voult API. I am getting 501 response from these API's

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide the ability to insert multiple secrets via JSON dictionary or similar method via command line

    Today, secrets are able to be added manually and via file, which from my knowledge only accepts one key value pair for the secret. It would be nice to have the ability to insert multiple secrets at once.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  6. I facing issue while settng / getting secret keys using Key Voult API. I am getting 501 response from these API's

    I facing issue while settng / getting secret keys using Key Voult API. I am getting 501 response from these API's

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  7. Don't show Key Vault secrete values in the Azure Portal

    Today when secrets are added to Key Vault, the value of secret is visible in Azure Portal (initially secrets are masked out, but clicking on secret allows to see its value secret).

    There should be an option NOT to see secret's value once it’s added to the vault.

    This way if Azure Portal is compromised, secretes are still secure.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managing application secrets  ·  Flag idea as inappropriate…  ·  Admin →
  8. Key Vault Service Limits

    The Key Vault limits are at a 10 second granularity but the granularity of its metrics are 1 minute. Please consider adjusting the limits to be in line with the granularity of the metrics available.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  9. Show keys/secrets paths next to certificates path

    In the key vault portal, when you view a certificate, the top URL is the "Certificate Identifier". If you specify this in Express V2 deployment, it will only contain the public key. If you need the cert with private key, you have to go to the bottom of the page and look for the "Secret Identifier" URL and use that instead. IMO, the "Key Identifier", "Secret Identifier" and "Certificate Identifier" URLs should all be at the top of the certificate version page, and they should have some help text to indicate the difference.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow certificate versions to be deleted

    You can create new certificate versions, but you can only delete all versions at the same time, when deleting the certificate itself. If a new cert gets created that shouldn't have been, I can't delete it without deleting my other valid ones. That means that I have to always specify instance versions to retrieve instead of "latest", since I have no way to remove "latest" if it was mistakenly created.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support dot in property name

    Dots are very common in Java spring boot properties, and many spring boot starter projects.

    Azure key vault should support dot in the property name.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Custom applications  ·  Flag idea as inappropriate…  ·  Admin →
  12. Soft-Deleting KeyVault should release the Resource name

    If I delete a KeyVault with "SoftDelete", it should be possible to create a new KeyVault with the same name.

    An internal versioning logic should be able to distinguish between the versions.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  13. CDN - SSL - Incorrect version selected on dropdown

    CDN Profiles -> Custom Domain -> HTTPS -> Own certificate, once the KeyVault Certificate/Secret Version dropdown is loaded, it seems to always select the first item (current version) even though it is an older version that's currently deployed.

    In order to actually deploy the current version, user will need to first select an older version and then re-select the current version because the save button is disabled by default.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow access to the public part of KEYS in KeyVault from ARM templates

    It would be very useful to be able to generate a key and then get the public portion to pass to the appSettings for another App.

    This is needed for secure deployments where some apps may be in different security 'zones' where they cannot have access to a shared key-vault.

    Generating a key would be useful, especially if we could request that one be generated only if it does not already exist.

    At the very least having access to the public portion of the key in the same way we have access to a secret would be very helpful:

    "publicJsonKey"…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add support for STORING the Storage Account Key in addition to rotating it.

    Add support for STORING the Storage Account Key in addition to rotating it. Rotating the key is only part of the issue for us, the other half is making it available to application teams in a manner that doesn't require us to give them direct access to each and every storage account at the azure resource level. We prefer to give the team a key vault and store the keys in the kv, which makes it simple for the application team to reference it. When it is updated, we update the kv and that's that.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  16. Rename-AzureKeyVaultCertificate

    Could we please be allowed to Restore into a new name or get a Rename-AzureKeyVaultCertificate?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  17. I had come across scenario wherein AZURE Key vault doesn’t clear entries of User/application in the “Access policies”, when we delete respec

    I had come across scenario wherein AZURE Key vault doesn’t clear entries of User/application in the “Access policies”, when we delete respective object in Azure AD. I’m wondering, if this require manual way of clearing all stale reference in AKV access polices on regular basis? if that is the case, can we include this feature with upcoming release so that customer needn’t to worry about manually cleanup?

    Please refer attached screenshot which has multiple stale reference part of Access polices, even though actual object were deleted from Azure AD tenant.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Certificates  ·  Flag idea as inappropriate…  ·  Admin →
  18. when remove blue print, please also remove policies it created

    We found that the policies we had created using blueprint were not cleared out when we removed the blueprint. We had to manually remove the policy from policies.

    We should automatically remove those blueprint created policies when delete a blueprint.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  19. allowing special characters in vault name

    Is it possible to allow special characters in vault names, such as "QaKeyVault.CompanyName" ?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  20. Arm template to get the reference of Azure Search admin and query keys

    I wanted to add Azure Search admin and query keys as a secret to key vault using ARM template. Is there a way to do it?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base