![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 53%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,456 questions
Hi,
Many of the Azure services support customer managed keys which basically is encryption of the data stored by those services using keys from Azure Key Vault. By default many of those services encryption is done by Azure. They manage the encryption and the rotation of the keys without that being visible to the end user. In case you want encrypt those services with your own keys you can use keys on Key Vault to do that. It is up to you to manage those keys and the encryption (CMKs). Key rotation policies is a feature in Key Vault that allows new key versions to be issued automatically on schedule. If those keys for which you are renewing automatically are used for encryption using customer managed keys you need to check if that services supports automatically picking the new version of the key or you need to change the configuration of the encryption manually with pointing to the new key version.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.