@Sebastián García Thank you for reaching out to us, As I understand you would like to understand on type of Azure Key Vault should you use to store the EV code Signing.
If you are looking to store an EV Code Signing Certificate in Azure Key Vault, you can use either a normal Key Vault or an Azure Key Vault Managed HSM. However, it is important to note that Managed HSMs provide single-tenant, zone-resilient (where available), highly available HSMs to store and manage your cryptographic keys. This makes them more suitable for applications and usage scenarios that handle high-value keys and helps to meet the most stringent security, compliance, and regulatory requirements.
On the other hand, Vaults provide a low-cost, easy to deploy, multi-tenant, zone-resilient (where available), highly available key management solution suitable for most common cloud application scenarios.
So, if you are looking for a more secure option and have high-value keys, you can go for Azure Key Vault Managed HSM. Otherwise, a normal Key Vault should suffice.
Would recommend to review this doc - https://learn.microsoft.com/en-us/azure/security/fundamentals/key-management-choose which would help you decide which key vault you want to select based on your needs.
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.