What is Management and Data plane in Azure Key Vault?

Saurabh Sharma 17,366 Reputation points Microsoft Employee

What is Management and Data plane in Azure Key Vault?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question]

Source: Secure your key vault

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,845 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 24,396 Reputation points Microsoft Employee

    The Management plane interface is used for managing the Key Vault itself which includes operations like creating and deleting key vaults, retrieving key vault properties, and updating access policies.

    The data plane is used for working with the data stored in a key vault and includes operations of add, delete, and modify keys, secrets, and certificates.

    Access to a key Vault is controlled through these two planes and the applications access these planes through endpoints. Refer to Resource endpoints for details.

    The Management plane access is provided through RBAC whereas access to a data plane is provided through Key Vault access policies.

    Source: Secure your key vault

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Iyer, Suryanarayan 1 Reputation point


    Attached document has some details on the working of each plane with flow diagram as an example taken from Microsoft Learn.

    Hope this would help you further to understand about each plane.

    If the document adds value to your question then please accept this as an solution.

    0 comments No comments