Azure Key Vault Reviews

I am a system architect and this is one of the products that I work with when designing systems for our customers. This key vault allows you to store passwords and secret keys so that you can retrieve them when needed. Each customer will have their own secret password that can be used in a cloud-based scenario to retrieve their login usernames, passwords, and other secrets.

The most valuable feature is that you can retrieve user account details from the cloud.

Azure needs to provide versions of Key Vault that are suitable for different sizes of companies. For example, we are not a big corporation that can afford corporate-level pricing. We have to strike a balance between the number of users and the volume of keys that are being used.

I have been using the Microsoft Azure Key Vault for close to two years.

This is a stable product and I haven't had any issues. The performance decreases as many keys are added to the vault. For example, it will be slow if we have 1,000 users.

Scalability is related to the licensing plan. At some point, the number of keys that can be stored will run out until the vault plan is upgraded.

The product support is awesome and I don't have any issues with it.

Azure is the first key vault that we have used.

The initial setup is straightforward. It is not complex, although it takes weeks to implement because we have to integrate with other modules.

Our in-house team handles deployment.

The cost of the Azure Key Vault is very high and the pricing model is based on the number of keys that you store and retrieve. It is billed in blocks, such as 1,000 passwords that I can store. However, if I am paying to store information for 1,000 users then the pricing is not discounted if I only need to store 500.

I am currently evaluating HashiCorp Vault because it is more economical than Azure Key Vault.

In summary, this is a good product and one that I recommend.

I would rate this solution an eight out of ten.

We use Microsoft Azure Key Vault to store some secrets and then we use them outside in connectors in the Data Factory.

The most valuable features of Microsoft Azure Key Vault are the security and convenience of changing passwords in multiple places.

I have used Microsoft Azure Key Vault within the past 12 months.

I would rate the stability of Microsoft Azure Key Vault an eight out of ten.

We use the solution in the data science field. If there is some outage, we did not notice any prolonged outage which would affect our business significantly while working with it.

We did interact with the technical support from Microsoft and we did not have any negative experiences with them.

My advice to others is to figure out what your needs are and then start using the solution if it fits.

I rate Microsoft Azure Key Vault a nine out of ten.

We have an application connecting to the database. So we have implemented an authentication in place wherein without that particular secret value, it won't be authenticated. So that is a use case that I can tell you about Azure Key. We have implemented it for some small identity providers as well. 

Using Azure key Vault has increased the security of our organization. 

I would say its granular access control is the most valuable feature.

It would be great if it would integrate with other cloud solutions.

I have been using Azure Key Vault for the past 2 years. 

I think the stability works perfectly. I've never seen a block from the cloud side. But there might be some problems when we are configuring it. So maybe we are missing some strings or something, but I have never seen an issue from the cloud side.

A thousand people using the solution at present.

You have to configure based on, like, who should access routers, security should be generated, the identity management and everything. And Azure Microsoft people have provided a good documentation on it. They have provided a good labs also and good videos also for reference. So I believe everything is good on that part.

I would rate the overall solution an eight out of ten. 

The product’s most valuable feature is the ability to store secret information.

Azure Key Vault has been a crucial component in securing sensitive information within our organization. It includes storing critical details such as usernames, passwords, and other confidential data.

It is a simple service. I rate the stability a nine out of ten.

The service is easy to set up. However, the process requires various details, such as access controls and permissions. It includes determining who can create, read, or modify secrets. Overall, it is relatively easy and can be efficiently deployed through templates into CI/CD pipelines and DevOps workflows.

The product is inexpensive.

The platform provides straightforward integration with most of the other Azure services. It has improved the compliance and auditing processes. Earlier, we had to either store secret information inside the application or develop a custom solution to comply with it. There was a high chance of the data getting corrupted as different people had access to it.

I rate Azure Key Vault an eight out of ten.

I have used the solution on a couple of projects for a client, mainly for storing credentials and secrets, such as API keys and application or username passwords into the vault, as well as certificates. 

It is used for anything we need to keep safe and secure and not have users access, except via applications that programmatically access Key Vault and retrieve the secrets and connect to other APIs. That way, we don't supply usernames and passwords within application code or to people. We vault them in Key Vault and those secrets can be used within an application without human intervention.

Azure Key Vault is a SaaS solution.

You have to have this to make sure that you're compliant with security and governance. One of the main concerns with compliance is how you manage keys and secrets in your cloud environments. You're encrypting your data at rest and in transit, but where do you store the encryption key itself to not become compromised? Key Vault addresses all those concerns. This is one of the main tools and, without it, it's hard to implement and address one of the main pillars of cloud architecture, which is security.

The whole nature of it is to help make things autonomous, because you can run infrastructure as code. That really takes away the human factor and you can fully automate the creation and management of, and access to, the keys, including the rotation of the keys. By taking away the human element, it's really secure. And, implementation-wise, when you're using Key Vault, Microsoft is behind it and they're using the best methods for encryption and ciphering of keys. You don't have to worry about those things.

It really simplifies the whole process, in contrast to needing in-house experts to help you facilitate key management. When it comes to two main concerns, encryption of the data in transit and at rest, it is a service that is with you all the time. It has a low cost and it's ready to implement. You don't have to have 10 developers build something that you don't even know will be successful, versus a service that has already been tested across global enterprise companies.

All its features are really valuable. It's really well thought-out. It's a complete turnkey solution that has all the concerns taken care of, such as access control and management. You can use it in infrastructure as code to create key vaults, APIs, PowerShells, CLIs, even Terraform.

You can also use it in different services across the board. If you have app services, or virtual machines, Kubernetes, or Databricks, they can all use Key Vault effectively. In my opinion, in a DevSecOps, DevOps, or even in a modern Azure implementation, you have to use Azure Key Vault to make sure you're addressing security and identity management concerns. By "identity" I mean usernames, passwords, cryptography, et cetera. 

It's also a regional solution and it frees you up from using third parties like HashiCorp Vault, for example.

In addition, there is a feature in Azure called managed identities, and when storing your credential or any keys or secrets in that you can have your code use managed identities to access Key Vault. That simplifies the whole process of connecting to Key Vault and retrieving your secrets, passwords, and credentials. 

It's a full-blown solution and it supports most breeds of key management: how you store keys and certify. 

I can't say that one of its features is better than others. You have to have all of them to make it a competent service, although one of the especially important features is the connection with monitoring and logging, so you can see who had access to what.

If you check the capabilities of other key management services across Amazon, HashiCorp, and Google, there are features that Key Vault doesn't have. It could be the case that when you use Key Vault, you might be forced to use a third-party solution to get certain services. If those services could be included in Key Vault, there would be diminished reasons to go for a third-party key management system.

I was using Microsoft Azure Key Vault until two years ago, but since then I've been actively using it for two or three different projects.

It's stable. There is the SLA and the resiliency that goes with Azure. Because many services are dependent on Key Vault, if it's highly available and redundant, it helps a lot. You can imagine how many times applications would go down if Key Vault were not available. It is one of the high-demand services. Anything that needs to access a key or a certification is dependent on Azure Key Vault. 

So far, compared to other services that are available in the Azure environment, I haven't seen anything surprising with the stability or availability of Key Vault.

It's scalable and global in its performance. I have implemented it for one of the largest pharmaceutical companies in the whole world, a company that operates on a global scale. Key Vault is a main ingredient for every one of their infrastructure pieces that is tied to it. The scale of that company in its use of Key Vault was phenomenal.

I haven't needed to contact Microsoft support about Key Vault. There have been instances when I have had to talk with Microsoft support about Graph API for Active Directory and other services, and even to the cloud adoption framework team, but never for Key Vault. It is just so straightforward.

The complexity depends on what you're trying to do with Key Vault. It can get complex or it can be simple. You don't expect advanced scenarios to be easy to implement because it has many ingredients. If someone is simply going to Azure portal to create a secret and retrieve it, it's simple. But if you want to tie in your services, and have role-based control over who can access keys, and what services are tied to the keys, it gets complicated. But that's not just Azure. That complexity comes with the level of complexity of the scenario.

Key Vault is easy to use because there are many APIs and mechanisms to create and retrieve. The concepts are easy. I use it in many scenarios, such as building infrastructure as code, consuming it in Kubernetes. Everything seems to be straightforward. It is really the de facto for key management and vaulting secrets. 

For example, one of the applications recently we developed needed to store the username and password of the service that connects to SQL Server. I found it was super-easy to tie the credentials within the application configuration files to Key Vault to retrieve the keys. It was a no-brainer for a developer to learn and do it. It took about 15 to 30 minutes to follow the documentation. And it has really nice documentation. Performing any action using the features of Key Vault is really easy as it's user-friendly. Depending on your level of skill, the deeper you get, the more features you can use.

Key Vault, like every Azure service, has a cost associated with it, but you don't have to spend thousands of dollars to spin up an environment to build a key management system. It's already there.

You pay as you go, similar to other services in Azure.

There are many other tools that I am still using, including AWS Secrets Manager, CyberArk, and Conjur, but none of them is close to Key Vault.

One of the benefits of Azure Key Vault is its integration with Active Directory, as is the case with most of the services in Azure. That really adds something to all the services.

Also, Managed HSM is not available in those other solutions. You have to go with HashiCorp Vault to get that. 

In addition, the key rotation feature of Key Vault is a lot better than in AWS Secrets Manager. CyberArk and Conjur, are more one-off products for specific use cases. You have to purchase a license and implement and manage them yourself, and not everything works seamlessly in CyberArk.

Conjur was good until Key Vault supported containerization. Azure created services for using blob storage, and those features of Key Vault came naturally as part of the whole cloud stack. 

Key Vault covers different problems for various personas and roles. As a developer, you get a lot of benefits that you don't get when you start developing with other tools, excluding HashiCorp Vault. HashiCorp Vault is really neat, and the only downside is that you have to manage the infrastructure yourself.

I'm a cloud architect. If I don't see that Key Vault has been included in a proposed architecture, I don't approve it. It's a main ingredient in any cloud enterprise infrastructure and architecture. When you're using Azure, you have to have this or a third-party solution. If someone shows me a third-party solution, I have to ask, "What's the cost of owning this component that you're adding to the architecture? Is it included, like Key Vault, or do you have to pay for it like with HashiCorp Vault?" With Azure Key Vault you have something that is free, enterprise-level, global, and it just works.

I don't know if we could survive without Key Vault in a cloud implementation and still call it a secure platform. These days, you have to have Azure Key Vault or some third-party mechanism such as HashiCorp Vault. You need something that addresses key management in your cloud environment. But why should you pay for extra resources, costs, and management overhead, if everything is managed by Azure itself?

We integrate Azure Key Vault to Azure DevOps for configuration automation. It allows selected access to the client IDs. Centralizing these keys ensures developers don't have direct access to sensitive information. Instead, the platform management team or developers can securely retrieve these keys during the pipeline execution.

The platform has a valuable feature for seamless integration. It's integrated into Azure API Management and Azure DevOps or directly into code. It supports various environments.

Azure Key Vault takes time to fetch values while integrating it with the code written in .NET format.

We have been using Azure Key Vault for four to five years.

I have been using it for five years, and it has been a stable product.

We have more than 100 Azure Key Vault users in our organization. It is a scalable product in terms of adding keys.

The product costs much less compared to other vendors.

Azure Key Vault is easy to use. It is a best practice and must be used within architecture implementation for security. I rate it an eight out of ten.

We use it to store our secrets and passwords for our integrations and applications.

We only use the basic features and those are the ones that have the ability to tie into the app, the secrets, and the passwords and encrypt them.

So far we've had good luck with it. We haven't had any bad experiences. Once we got it set up and we got it injected into our code, we've had pretty good success.

I have been using Microsoft Azure Key Vault for around a year and a half. 

We have about 225 applications that are using it.

Their technical support was good when we used them.

Positive

We did not use a different solution. This is our first time using the services.

The initial setup was pretty straightforward. 

I thought the price was reasonable. 

My advice would be to definitely leverage your premier support to help you get it going. Once you get going on it, it's fairly simple to use.

I would rate it an eight out of ten. 

To make it a ten the setup should be more streamlined.

Our primary use case for Azure Key Vault is cloud applications that are being developed and deployed on Azure. In addition, we use it to store secrets that are used for on-premises applications.

The best feature is the integrity of the .NET applications in our company.

The big problem with Azure Key Vault is key rotation. We haven't found a good way to synchronize the credentials between the databases and Key Vault.

We have been using Microsoft Azure Key Vault for about one and a half years.

Azure Key Vault is stable. We haven't had issues with it in terms of reliability.

The scalability of Key Vault depends on how we develop applications. The technical part of integrating between the cloud and Key Vault is easy. It's more that the development of life cycle processes needs to be improved. That's one of the big problems. They have to improve it so that all projects and all servers achieve integration easily. But that's not so much an Azure Key Vault issue. It has more to do with the processes of our company.

We don't look at the number of users but, rather, what are called service principals in Azure Key Vault. We have a lot of service principal applications.

Our first step is always to try to find issues ourselves. If we can't handle an issue we escalate the request to a local Microsoft support provider. If they don't have the answer, they go directly to Microsoft.

We have been using Azure Key Vault and Centrify. We have begun a migration to CyberArk because our provider told us about a technology change and offered to migrate us from Centrify to CyberArk. We are looking to understand what CyberArk's capabilities are in comparison with Azure Key Vault. We are trying to decide which option is the best one to go with. What we have learned is that each product has particular issues that make us think that we need to keep both. The issue we have is with the rotation of databases and servers. CyberArk accomplishes it better. That's why we are trying to integrate these two solutions.

It's not complex to set up. It's easy to configure secrets.

What can be a little difficult is establishing a good design and governance of the Key Vault repositories. Sometimes it's difficult to understand if we need one key vault or multiple key vaults. Do we need a key vault instance for an environment or do we need multiple key vaults for our databases or maybe multiple key vaults for the segregation of services according to on-premises and cloud? But creating a secret and integrating an application you're going to consume the secret with is easy.

We have four operators responsible for Key Vault and CyberArk.

Azure is cheaper than CyberArk. You can configure a lot of applications with it, but the key rotation issue is there. CyberArk has good key rotation. It integrates with a lot of technologies and a lot of different types of databases. CyberArk is good, but it's quite expensive. 

Both Azure Key Vault and CyberArk are paid annually.

I would rate Azure Key Vault a seven out of 10 because of the key rotation issues. They are a big problem. The integration of the application is easy, but key rotation is not easy. It needs a lot of improvement.

From what I have seen from CyberArk in terms of services, key rotation, and its integration with technologies, it's quite good. The big problem is its pricing. I would rate CyberArk at 8.5 out of 10.