It best to use a key vault per application per environment or VM.
This is useful in not sharing confidential items across environments or VMs significantly reduces the dangers of a possible breach.
Make sure you also take regular back ups of your vaults.
Azure Key Vault
Would Microsoft recommend using a single Key Vault for Azure disk encryption purpose for all "VM"s in a single subscription (not a very large scale environment, about 100 VMs) or would you recommend having a separate Key Vault with each VM/Resource group in the same subscription?
2 answers
Sort by: Most helpful
-
Methsara Premarathna 0 Reputation points
2020-09-07T04:37:55.553+00:00 -
soumi-MSFT 11,781 Reputation points Microsoft Employee
2020-09-07T05:12:25.5+00:00 anonymous user, thank you for reaching out. We usually do recommend using a separate Key Vault specific to each Resource Group in terms of Azure Resources, to make it easier for maintenance.
If VMs are placed in separate resource Groups, its advisable to add one Key Vault per Resource Group to maintain the VMs disks present in that specific Resource Group.
Hope this helps.
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.