Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,413 questions
3 answers
TDE for SQL on Azure VM
I have 3 nodes of AAG replica , 2 on EastAsia and 1 on Southeast asia. and there are also 2 Azure Key vault , one in East Asia and One in South east asia . So I would like to know if there are option to sync the TDE key between two Key vaults, …
asked 2020-08-22T10:10:21.733+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 40%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
sakuraime
2,336
Reputation points
commented 2020-09-02T18:28:00.077+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
KarishmaTiwari-MSFT
20,677
Reputation points Microsoft Employee
2 answers
keyvault extension is not pulling the certificate. do you know where do i check the logs?
keyvault extension is not pulling the certificate. do you know where do i check the logs?
asked 2020-08-11T08:31:50.003+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 3%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Anand Rathi
96
Reputation points
commented 2020-08-31T20:27:42.29+00:00
James Hamil
27,191
Reputation points Microsoft Employee
1 answer
Azure disk encryption
I have a VM with 4 disk encrypted with SSE with PMK & ADE. I added two additional disk to increase the storage pool when I follow instruction - $KVRGname = 'MyKeyVaultResourceGroup'; $VMRGName = 'MyVirtualMachineResourceGroup'; …
asked 2020-08-27T04:52:19.94+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 46%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
prasantc
976
Reputation points
commented 2020-08-31T17:44:07.683+00:00
JamesTran-MSFT
36,871
Reputation points Microsoft Employee
2 answers
How to securely use Azure services from an untrusted client?
Let's say I have a simple client Console App that I want to sell to the public. It's going to access an Azure service, let's say Table Storage. How do I secure the keys to Table Storage? It seems like it's impossible to do with just the client app? I…
asked 2020-08-23T11:02:31.973+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 73%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Paul Marsh
1
Reputation point
answered 2020-08-28T15:53:54.077+00:00
sadomovalex
3,636
Reputation points
2 answers
Azure Key Vault Set Secret from PowerShell- Pattern Match Exception
I am trying to bulk insert secrets to my Key Vault using power shell and Its throwing me Secret Validation exception saying Pattern Mismatch- ^[0-9a-zA-Z-]+$ But same secret, if i am doing manually in the portal, its working fine. Need some insights…
asked 2020-08-25T15:37:55.327+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 24%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Pavan Kumar
1
Reputation point
commented 2020-08-26T17:17:04.15+00:00
JamesTran-MSFT
36,871
Reputation points Microsoft Employee
2 answers
key vault - for multiple app service should I create seperate key vault in one environment
Hi All, I have multiple web apps in each env ( and 4 environments in different azure subscriptions ). We are trying to use key vault but would like to know - 1.) Micorosft document states that we should use separate key vault for each app…
asked 2020-08-26T05:40:10.787+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 14.000000000000002%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENO%3C/text%3E%3C/svg%3E)
Neha Oberoi
11
Reputation points
commented 2020-08-26T08:11:46.053+00:00
Neha Oberoi
11
Reputation points
1 answer
Due to failed command az keyvault create , I cannot remove resource on Azure Key Vault or create a new one.
I am running a Lab for creating a key vault with az CLI on my free tier subscription. The first step was to create a resource group. az group create -n keyvault-aad-pod-identity-rg -l eastus During the second step, I typed wrong the --location…
asked 2020-08-24T22:51:31.913+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 43%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Rodrigo Rios
1
Reputation point
commented 2020-08-25T16:24:25.793+00:00
JamesTran-MSFT
36,871
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Do keyvault tags get cloned during auto-renewal?
My use case is managing certificate that are issued via Digicert API and are set to auto renew. If I set any tags on the latest version of cert, does it get cloned to the next issued version via auto renew? I didn't see any documentation and it…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 2%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
1 answer
Secure Output into foreach activity
In adf, I'm running a for-each loop for a multi-line secret out of Keyvault. and the secret value is visible in parameter. how can I make sure secret is secure but not need to input secret list in the pipeline one by one?
asked 2020-08-03T03:33:09.147+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 25%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECA%3C/text%3E%3C/svg%3E)
CHOI Alex (PT/GDU-AP)
1
Reputation point
commented 2020-08-11T13:58:58.76+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 9%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHM%3C/text%3E%3C/svg%3E)
HarithaMaddi-MSFT
10,136
Reputation points
1 answer
I would like to use azure key vault to send keys to a non-azure vm?, I need this to work in automation with no manual steps
I would like to use azure key vault to send keys to a non-azure vm, I need to deploy multiple vm's in an automation environment and during the deployment/infrastructure, I need to bootstrap these VM's to azure key vault to get certificates and keys on…
asked 2020-07-10T16:42:04.327+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 27%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
redspy
1
Reputation point
commented 2020-08-04T21:16:49.15+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT
37,191
Reputation points Microsoft Employee
1 answer
Key vault Azure data factory problem
Hello I've created a Key vault service to store a secret with the credentials to access to my cosmos DB collection. the secret value is as i show you : …
asked 2020-08-03T10:21:47.5+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 71%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECG%3C/text%3E%3C/svg%3E)
CORONADO GRANADOS Diana Milena
126
Reputation points
answered 2020-08-03T14:34:49.997+00:00
Alex Drenea
6
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Could not access key vault reference metadata
My goal: read a secret value from Azure key vault in Azure function app Steps: Azure key vault side: Generated secret Access control (IAM)>Add role assignment: gave role Reader to my function Secret>Version>Enabled, copy secret…
asked 2020-07-30T12:56:36.11+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 75%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
arunabha bhattacharya
181
Reputation points
commented 2020-07-31T15:21:30.377+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 44%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Saurabh Sharma
23,841
Reputation points Microsoft Employee
1 answer
restore keyvault seceretes keys
could not restore keyvault seceretes keys in azure vm
asked 2020-07-26T10:15:00.993+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 46%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
deepak
1
Reputation point
commented 2020-07-29T16:48:31.313+00:00
JamesTran-MSFT
36,871
Reputation points Microsoft Employee
1 answer
It is possible to use single key in keyvault while enabling multiple data and os disk encryption in azure
Hello team, I want to know if I can use one common key and keyvault for enabling encryption on multiple data and OS disk in my azure environment
asked 2020-07-23T11:14:56.153+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 52%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Ankita Mali
1
Reputation point
answered 2020-07-23T11:38:56.223+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 67%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Manish Jha
236
Reputation points
1 answer
One of the answers was accepted by the question author.
Key Vault Managed Storage - Key Regeneration/Rotation
I am seeking clarity as to how Key Vault Managed Storage rotates the keys, as the documentation is rather confusing and I believe to be incorrect. Key Vault Managed Storage can be enabled using the following commands: Azure Powershell:…
asked 2020-07-17T16:55:04.677+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 15%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Scott
21
Reputation points
commented 2020-07-21T15:40:32.67+00:00
JamesTran-MSFT
36,871
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Disk Encryption - Can we add/enable bitlocker for all datadisks attached to VMs
Hi Team, I would like to enable bitlocker for all datadisks including OS disk. Is it possible to enable bit-locker and store the keys on Azure Key Vault.
asked 2020-07-16T10:55:01.41+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 57.99999999999999%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Girish Prajwal
706
Reputation points
accepted 2020-07-20T12:36:44+00:00
Girish Prajwal
706
Reputation points
1 answer
Azure KeyVault left with stale reference in access policies
I assign an access policy for a managed identity to a keyvault via ARM template. When the identity is deleted, the access policy is NOT removed automatically from the KV and so a stale reference is left behind. Is this expected? Shouldn't the reference…
asked 2020-07-13T18:19:56.037+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 49%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Tejas Shah
6
Reputation points Microsoft Employee
commented 2020-07-14T22:06:34.373+00:00
Tejas Shah
6
Reputation points Microsoft Employee
1 answer
Important notice—Soft delete functionality has been disabled
how do we stop these emails from coming every day? Important notice—Soft delete functionality has been disabled for dscat-eastus2-dev-db-rsv-01 my support team says there is no action needed but we get emails daily
asked 2020-07-07T14:10:55.477+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 97%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
STEUBING, KENNETH P
1
Reputation point
commented 2020-07-10T18:54:14.857+00:00
JamesTran-MSFT
36,871
Reputation points Microsoft Employee
1 answer
Internal server error in Azure key vault
We get InternalServerError in the Azure Key Vault - Get Secret action during bulk load in posted to the logic app via HTTP Rest call. About 5-10 % of the entire transaction is failing with the below mentioned error. Error details: Code - 500 …
asked 2020-06-19T06:00:10.603+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 37%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
aarthi r
1
Reputation point
answered 2020-07-09T11:49:02.383+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 66%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
Ken Golitin
21
Reputation points
3 answers
I need to save my pfx certificates in an HSM
I was investigating that Azure Key Vault uses HSM. Add the following line to import my pfx certificate await keyVaultClient.ImportCertificateAsync(azureKeyVaultsUri, namePFX, base64EncodedCertificate, Password); my question is already…
asked 2020-06-29T17:33:23.487+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 28.000000000000004%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIR%3C/text%3E%3C/svg%3E)
Ismael Ruvalcaba
1
Reputation point
commented 2020-07-08T00:00:35.353+00:00
JamesTran-MSFT
36,871
Reputation points Microsoft Employee