How to: Using Microsoft Azure Key Vault from Web/Cloud application

Azure Key Vault enables users to store and use cryptographic keys within the Microsoft Azure environment. Azure Key Vault supports multiple key types and algorithms and enables the use of Hardware Security Modules (HSM) for high value customer keys. In addition, Azure Key Vault allows users to securely store secrets in a Key Vault; secrets are limited size octet objects and Azure Key Vault applies no specific semantics to these objects.

A Key Vault may contain a mix of keys and secrets at the same time, and access control for the two types of object is independently controlled. Users, subject to appropriate authorization, may:
(1) Manage cryptographic keys using Create, Import, Update, Delete and other operations
(2) Manage secrets using Get, Set, Delete and other operations
(3) Use cryptographic keys with Sign/Verify, WrapKey/UnwrapKey and Encrypt/Decrypt operations. Operations against Key Vaults are authenticated and authorized using Azure Active Directory.

In general, we can use New-AzureRMKeyVault cmdlet to create a key vault with three mandatory parameters:

New-AzureRmKeyVault -VaultName 'ContosoKeyVault' -ResourceGroupName 'ContosoResourceGroup' -Location 'East Asia'

Ok, let we see how to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault – luckily I found this hands-on MVA tutorial. With the new Azure Key Vault service, customers of cloud applications can manage their keys and secrets consistently across their cloud applications.

Please find the part # 1 video which covers background and theory.

Managing cryptographic keys and secrets is an essential part of safeguarding data in the cloud. The part TWO covering all the demos of the Azure Key Vault service​.

For more info you can refer:,

Hope this helps.