What is Azure KeyVault?

• Centralize the storage of application secrets, keys and certificates
• Uses FIPS 140-2 level 2 validated HSMS
• Enable logging to monitor how and when secrets are being used
• Enables centralized administration of secrets

Azure KeyVault stores:

• Keys (i.e. encryption key)
• Secrets (i.e. connection string, token etc.)
• Certificates

KeyVault recommendations

• Use separate key vault for each application or environment
• Take regular backups of your key vault
• Turn on logging and set up alerts
• Turn on soft delete and purge protection