Azure Key Vault

Azure Key Vault is a cloud service for securely storing and managing sensitive information — secrets, encryption keys, and certificates. It centralises secret management, reduces the risk of accidental exposure, and integrates deeply with other Azure services and Entra ID.

---

Why Use Azure Key Vault?

Storing sensitive data in application code, configuration files, or environment variables creates multiple risks:

• Exposure — secrets in source code can be leaked through repositories
• Sprawl — the same secret duplicated across multiple applications is hard to manage
• Rotation — updating a secret requires redeploying every application that uses it
• Auditing — there is no central log of who accessed which secret and when

Key Vault solves all of these problems:

Benefit	Description
Centralised storage	All secrets, keys, and certificates in one secure location
Access control	Entra ID authentication and RBAC or access policies
Audit logging	Every access is logged and can be monitored
Automatic rotation	Integration with services that support auto-rotation
Hardware protection	HSM-backed keys for the highest level of security

---