key vault & data in transit

  • Question

  • Can I use the key vault (BYOK) to manage keys for data in transit?

    I'm not sure but cannot put my finger on a resource to confirm that

    Wednesday, May 13, 2020 11:51 AM

All replies

  • Just following-up to keep you posted.


    Thank you for the question. This query is related to Azure Key Vault. Open a new forum thread in the Key Vault forum, as it could be a better place to get help on your scenario. These forum community members could provide their expert guidance on your scenario based on their experience. Thanks.

    We're migrating from MSDN to Microsoft Q&A as our new forums and Azure Key Vault has already made the move!

    In future, you can ask and look for the discussion for Azure Key Vault related questions on the respective forums: 

    We are actively working to onboard remaining Azure services on Microsoft Q&A.
    We will make a public announcement once complete. 
    Want to learn more about the new platform? See Microsoft Q&A Getting Started: 

    Hope this helps! 

    Kindly let us know if the above helps or you need further assistance on this issue.  

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    Thursday, May 14, 2020 11:16 AM
  • Hello grundlichkeit

    There are two ways to leverage the BYOK scenario. You can import HSM-protected keys to Key Vault or you can use Azure Dedicated HSM itself.

    You can import or generate keys in hardware security modules that won't leave the HSM boundary. The key can then be imported to Key Vault. Key Vault uses the nCipher nShield / Thales family of HSM modules to protect your keys. I would suggest going through the following articles.

    Import HSM protected Keys to Key vault 

    Import HSM-protected Keys to Key vault(preview) 

    There are some limitations though, as the service is ever evolving and we continue to add new features to the same. Currently, importing 1024-bit keys or EC (Elliptic Curve) keys is not supported.

    Alternatively, you can use the Azure Dedicated HSM service to store your keys (BYOK scenario). Azure Dedicated HSM is a service that provides FIPS 140-2 L3 compliant hardware in Azure where you can store your cryptographic keys. It's a service where an HSM module will be made available for you and associated to a virtual network within your subscription. This is not currently configurable using the Azure Portal and can only be configured using PowerShell or Azure CLI.

    This service is available in some regions and we continue to add new regions to it. Please check availability before deployment.

    Hope the information was helpful. Please go through the links provided and it would provide you enough information to get started. In case you have any further query, please let us know and we will be happy to help. In case the information provided helped, please do mark it as answer in the interest of the community.

    Also, as my colleague SumanthMarigowda-MSFT pointed out, we are going to transition from MSDN forums to Microsoft Q&A, which will be the new home for Azure products related community. I would strongly encourage you to check the same and post any future queries there.

    Thank you. 

    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!

    Thursday, May 14, 2020 11:47 AM
  • Hello SumanthMarigowda,

    I posted a question to the Autoruns forum and did not get an answer; I don't think it was looked at so I am reaching out to someone very active on the forum. Would you help me get started using Autoruns?


    Thursday, May 14, 2020 12:43 PM

  • Firstly, apologies for the delay in responding here! I would love to help you on your query, but I do not have much expertise on Autoruns. For quicker resolution I would recommend you contact support, so if you have a support plan, I request you file a support ticket.

    Thursday, June 4, 2020 3:50 PM