What is Management and Data plane in Azure Key Vault?

Saurabh Sharma 23,786 Reputation points Microsoft Employee

What is Management and Data plane in Azure Key Vault?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question]

Source: Secure your key vault

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,442 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 36,161 Reputation points Microsoft Employee

    The Management plane interface is used for managing the Key Vault itself which includes operations like creating and deleting key vaults, retrieving key vault properties, and updating access policies.

    The data plane is used for working with the data stored in a key vault and includes operations of add, delete, and modify keys, secrets, and certificates.

    Access to a key Vault is controlled through these two planes and the applications access these planes through endpoints. Refer to Resource endpoints for details.

    The Management plane access is provided through RBAC whereas access to a data plane is provided through Key Vault access policies.

    Source: Secure your key vault

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Iyer, Suryanarayan 1 Reputation point


    Attached document has some details on the working of each plane with flow diagram as an example taken from Microsoft Learn.

    Hope this would help you further to understand about each plane.

    If the document adds value to your question then please accept this as an solution.

    0 comments No comments