Share via

What implementation from Azure Key Vault is the correct to host EV Code Signing Certificate from GlobalSign?

Sebastián García 20 Reputation points
2024-04-23T15:56:45.74+00:00

Hi!

We need to renew our Code Signing Certificate. Now we have the OV certificate but the new it's going to be the EV type.

With the new requirements to buy and hold the EV Code Signing Certificate we think the best choice is store the certificate in Azure Key Vault. Prior to all this, we tested the OV certificate creating a Key Vault and signing some files with this certificate stored in Azure: no problems until here.

What is killing me now is what "type of Azure Key Vault" should we use to store the EV code Signing. It's fine the "normal" Key Vault or it must be the "Azure Key Vault Managed HSM"?

Thanks and sorry for my the english.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,180 questions
0 comments
Accepted answer
  1. Givary-MSFT 30,441 Reputation points Microsoft Employee
    2024-04-30T07:40:30.0266667+00:00

    @Sebastián García Thank you for reaching out to us, As I understand you would like to understand on type of Azure Key Vault should you use to store the EV code Signing.

    If you are looking to store an EV Code Signing Certificate in Azure Key Vault, you can use either a normal Key Vault or an Azure Key Vault Managed HSM. However, it is important to note that Managed HSMs provide single-tenant, zone-resilient (where available), highly available HSMs to store and manage your cryptographic keys. This makes them more suitable for applications and usage scenarios that handle high-value keys and helps to meet the most stringent security, compliance, and regulatory requirements.

    On the other hand, Vaults provide a low-cost, easy to deploy, multi-tenant, zone-resilient (where available), highly available key management solution suitable for most common cloud application scenarios.

    So, if you are looking for a more secure option and have high-value keys, you can go for Azure Key Vault Managed HSM. Otherwise, a normal Key Vault should suffice.

    Would recommend to review this doc - https://learn.microsoft.com/en-us/azure/security/fundamentals/key-management-choose which would help you decide which key vault you want to select based on your needs.

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest