Microsoft Azure Key Vault Reviews

I have used the solution on a couple of projects for a client, mainly for storing credentials and secrets, such as API keys and application or username passwords into the vault, as well as certificates. 

It is used for anything we need to keep safe and secure and not have users access, except via applications that programmatically access Key Vault and retrieve the secrets and connect to other APIs. That way, we don't supply usernames and passwords within application code or to people. We vault them in Key Vault and those secrets can be used within an application without human intervention.

Azure Key Vault is a SaaS solution.

You have to have this to make sure that you're compliant with security and governance. One of the main concerns with compliance is how you manage keys and secrets in your cloud environments. You're encrypting your data at rest and in transit, but where do you store the encryption key itself to not become compromised? Key Vault addresses all those concerns. This is one of the main tools and, without it, it's hard to implement and address one of the main pillars of cloud architecture, which is security.

The whole nature of it is to help make things autonomous, because you can run infrastructure as code. That really takes away the human factor and you can fully automate the creation and management of, and access to, the keys, including the rotation of the keys. By taking away the human element, it's really secure. And, implementation-wise, when you're using Key Vault, Microsoft is behind it and they're using the best methods for encryption and ciphering of keys. You don't have to worry about those things.

It really simplifies the whole process, in contrast to needing in-house experts to help you facilitate key management. When it comes to two main concerns, encryption of the data in transit and at rest, it is a service that is with you all the time. It has a low cost and it's ready to implement. You don't have to have 10 developers build something that you don't even know will be successful, versus a service that has already been tested across global enterprise companies.

All its features are really valuable. It's really well thought-out. It's a complete turnkey solution that has all the concerns taken care of, such as access control and management. You can use it in infrastructure as code to create key vaults, APIs, PowerShells, CLIs, even Terraform.

You can also use it in different services across the board. If you have app services, or virtual machines, Kubernetes, or Databricks, they can all use Key Vault effectively. In my opinion, in a DevSecOps, DevOps, or even in a modern Azure implementation, you have to use Azure Key Vault to make sure you're addressing security and identity management concerns. By "identity" I mean usernames, passwords, cryptography, et cetera. 

It's also a regional solution and it frees you up from using third parties like HashiCorp Vault, for example.

In addition, there is a feature in Azure called managed identities, and when storing your credential or any keys or secrets in that you can have your code use managed identities to access Key Vault. That simplifies the whole process of connecting to Key Vault and retrieving your secrets, passwords, and credentials. 

It's a full-blown solution and it supports most breeds of key management: how you store keys and certify. 

I can't say that one of its features is better than others. You have to have all of them to make it a competent service, although one of the especially important features is the connection with monitoring and logging, so you can see who had access to what.

If you check the capabilities of other key management services across Amazon, HashiCorp, and Google, there are features that Key Vault doesn't have. It could be the case that when you use Key Vault, you might be forced to use a third-party solution to get certain services. If those services could be included in Key Vault, there would be diminished reasons to go for a third-party key management system.

I was using Microsoft Azure Key Vault until two years ago, but since then I've been actively using it for two or three different projects.

It's stable. There is the SLA and the resiliency that goes with Azure. Because many services are dependent on Key Vault, if it's highly available and redundant, it helps a lot. You can imagine how many times applications would go down if Key Vault were not available. It is one of the high-demand services. Anything that needs to access a key or a certification is dependent on Azure Key Vault. 

So far, compared to other services that are available in the Azure environment, I haven't seen anything surprising with the stability or availability of Key Vault.

It's scalable and global in its performance. I have implemented it for one of the largest pharmaceutical companies in the whole world, a company that operates on a global scale. Key Vault is a main ingredient for every one of their infrastructure pieces that is tied to it. The scale of that company in its use of Key Vault was phenomenal.

I haven't needed to contact Microsoft support about Key Vault. There have been instances when I have had to talk with Microsoft support about Graph API for Active Directory and other services, and even to the cloud adoption framework team, but never for Key Vault. It is just so straightforward.

The complexity depends on what you're trying to do with Key Vault. It can get complex or it can be simple. You don't expect advanced scenarios to be easy to implement because it has many ingredients. If someone is simply going to Azure portal to create a secret and retrieve it, it's simple. But if you want to tie in your services, and have role-based control over who can access keys, and what services are tied to the keys, it gets complicated. But that's not just Azure. That complexity comes with the level of complexity of the scenario.

Key Vault is easy to use because there are many APIs and mechanisms to create and retrieve. The concepts are easy. I use it in many scenarios, such as building infrastructure as code, consuming it in Kubernetes. Everything seems to be straightforward. It is really the de facto for key management and vaulting secrets. 

For example, one of the applications recently we developed needed to store the username and password of the service that connects to SQL Server. I found it was super-easy to tie the credentials within the application configuration files to Key Vault to retrieve the keys. It was a no-brainer for a developer to learn and do it. It took about 15 to 30 minutes to follow the documentation. And it has really nice documentation. Performing any action using the features of Key Vault is really easy as it's user-friendly. Depending on your level of skill, the deeper you get, the more features you can use.

Key Vault, like every Azure service, has a cost associated with it, but you don't have to spend thousands of dollars to spin up an environment to build a key management system. It's already there.

You pay as you go, similar to other services in Azure.

There are many other tools that I am still using, including AWS Secrets Manager, CyberArk, and Conjur, but none of them is close to Key Vault.

One of the benefits of Azure Key Vault is its integration with Active Directory, as is the case with most of the services in Azure. That really adds something to all the services.

Also, Managed HSM is not available in those other solutions. You have to go with HashiCorp Vault to get that. 

In addition, the key rotation feature of Key Vault is a lot better than in AWS Secrets Manager. CyberArk and Conjur, are more one-off products for specific use cases. You have to purchase a license and implement and manage them yourself, and not everything works seamlessly in CyberArk.

Conjur was good until Key Vault supported containerization. Azure created services for using blob storage, and those features of Key Vault came naturally as part of the whole cloud stack. 

Key Vault covers different problems for various personas and roles. As a developer, you get a lot of benefits that you don't get when you start developing with other tools, excluding HashiCorp Vault. HashiCorp Vault is really neat, and the only downside is that you have to manage the infrastructure yourself.

I'm a cloud architect. If I don't see that Key Vault has been included in a proposed architecture, I don't approve it. It's a main ingredient in any cloud enterprise infrastructure and architecture. When you're using Azure, you have to have this or a third-party solution. If someone shows me a third-party solution, I have to ask, "What's the cost of owning this component that you're adding to the architecture? Is it included, like Key Vault, or do you have to pay for it like with HashiCorp Vault?" With Azure Key Vault you have something that is free, enterprise-level, global, and it just works.

I don't know if we could survive without Key Vault in a cloud implementation and still call it a secure platform. These days, you have to have Azure Key Vault or some third-party mechanism such as HashiCorp Vault. You need something that addresses key management in your cloud environment. But why should you pay for extra resources, costs, and management overhead, if everything is managed by Azure itself?

Currently, we're looking at how we're going to use it in our dev environment. We actually have another product that we're using. We're going to test out those keys for maintaining our secrets, however, we first have them in our dev and test environment before we roll it out, as another protection area.

The most valuable aspect of the product is its ability to keep our admin password accounts for keys and a lot of our high-value assets. It can manage those types of assets. So far, the product does a great job of managing keys.

The initial setup is pretty straightforward.

The stability has been very good. We've been happy with it so far.

The security on offer seems to be quite good. 

The solution offers very good preferences.

We've found the pricing to be better than our last solution.

I don't have any thoughts on areas for improvement at this time.

While the solution already does a great job of managing keys, the solution could probably look at maybe expanding more into mobile devices and endpoints.

We've been quite happy with the stability on offer. It doesn't crash or freeze. There are no bugs or glitches. It's reliable.

Right now, for our environment, we're hoping that it's scalable and it's more cost-effective than the other tools that we were using in the past. Scalability was one of the key things that we were looking at. That said, we have not attempted to scale just yet. That may be in the future.

Technical support has been helpful and responsive. If we ever run into issues we know we can reach out and they can assist us. So far, we're quite satisfied with the level of support our organization receives.

We were previously using CyberArk, which was quite costly for us. One of the reasons we are moving away from it is the overall costs involved. This solution seems ot be better in that regard. Also, this product does seem to offer better scalability.

The initial setup is not overly complex. It's pretty straightforward. 

One of the things with the initial setup is just making sure that we understood what all our assets were and what type of things we wanted to capture in that regard. Therefore, it wasn't complex at all. It's just making sure that we did a proper plan and everything at the outset, in order to move forward properly and effectively.

The deployment took us around two to three weeks. We had an implementation strategy, however, we had to have a slow roll out. The whole thing took us about two to three weeks to get everything in place and to start migrating our keys over. 

We did not use an outside consultant or implementor during the implementation. It was an internal project. We used one of our customized tools to help us out.

The solution is less costly than our old solution, CyberArk. It's actually substantially cheaper. That said, I don't have the exact pricing off-hand.

We're partners with Microsoft.

Although we just did an upgrade to the latest version, I'm not 100% sure what the current version number we are using is.

We're quite happy with the product. I would rate the solution at an eight out of ten.

We are a financial institution and we are using this product to manage our keys. We are currently trying to roll out a "Bring Your Own Key" solution for Azure and Office 365.

The GUI was quite easy for me to use.

Integration with Fortanix is good.

The integration with Thales HSM is complex and is not out-of-the-box. Uploading the keys was quite a tedious process.

We are just beginners with the Microsoft Azure Key Vault and only started using it within the past six months.

We have approximately 150,000 employees across the organization.

Technical support from Microsoft is excellent. The reason we still buy Microsoft products is because of their support. The documentation is good and they also provide free, professional support.

The premium support is available at an additional cost, but professional support is free with the license.

Prior to Azure Key Vault, we were using the Bring Your Own Key solution, Thales Hardware Security Module (HSM). It worked seamlessly to generate our own key and upload it to the key vault. However, with Azure and Office 365, Microsoft manages the keys. I started using Azure Key Vault because it is an out-of-the-box feature with Azure, and it replaced our Thales HSM.

The installation of Thales HSM is a little bit complex. When we installed it, we needed to have two VDAs. There is an online VDA and an offline VDA, and we have to retrieve information from the offline one and pass it to the online one. These are complex tasks in our environment. Because it is a highly regulated industry, even moving a key is not easy for us. We have to go through all of the processes.

Because of the complications that we have had, we were looking at replacing Thales HSM with Fortanix. It integrates with Azure Key Vault and the key upload process is quite easy.

Pricing is quite reasonable and support is included, although premium support is available for an additional fee.

I am currently researching and evaluating HashiCorp Vault. We have not yet run a PoC but I am learning the differences between these two solutions. In addition to Azure, we have AWS and multiple cloud platforms, and we have heard that HashiCorp Vault is the best solution for cases like this.

HashiCorp Vault is open-source and has a command-line interface. 

One of the things that I would like to know is whether HashiCorp can be used for Azure workloads. For example, can it be used in a situation where a user brings their own key for Office 365, or does that only work with Azure Key Vault? 

Overall, this is a good product and the support is fantastic.

I would rate this solution an eight out of ten.

I am a system architect and this is one of the products that I work with when designing systems for our customers. This key vault allows you to store passwords and secret keys so that you can retrieve them when needed. Each customer will have their own secret password that can be used in a cloud-based scenario to retrieve their login usernames, passwords, and other secrets.

The most valuable feature is that you can retrieve user account details from the cloud.

Azure needs to provide versions of Key Vault that are suitable for different sizes of companies. For example, we are not a big corporation that can afford corporate-level pricing. We have to strike a balance between the number of users and the volume of keys that are being used.

I have been using the Microsoft Azure Key Vault for close to two years.

This is a stable product and I haven't had any issues. The performance decreases as many keys are added to the vault. For example, it will be slow if we have 1,000 users.

Scalability is related to the licensing plan. At some point, the number of keys that can be stored will run out until the vault plan is upgraded.

The product support is awesome and I don't have any issues with it.

Azure is the first key vault that we have used.

The initial setup is straightforward. It is not complex, although it takes weeks to implement because we have to integrate with other modules.

Our in-house team handles deployment.

The cost of the Azure Key Vault is very high and the pricing model is based on the number of keys that you store and retrieve. It is billed in blocks, such as 1,000 passwords that I can store. However, if I am paying to store information for 1,000 users then the pricing is not discounted if I only need to store 500.

I am currently evaluating HashiCorp Vault because it is more economical than Azure Key Vault.

In summary, this is a good product and one that I recommend.

I would rate this solution an eight out of ten.

We were using the solution to store our keys that includes secrets, passwords, and also application properties.

The application properties and the ability to store our certificates too have been great aspects of the solution. 

Mainly, having the application properties where all our applications' configurations were stored in the key vault was very useful.

The initial setup is pretty simple. 

The stability is very good.

The solution can scale up as needed. 

The solution offers very reasonable pricing. 

I can't recall coming across any missing features or elements. 

The solution does not allow you to integrate with XML parties if it is not inside Azure itself.

I used the solution during my previous project that I handled last year. I used it for a full year, from January to December.

The solution is stable. I never had issues, for example, with stability, bugs or glitches, or crashing. It's reliable.

The solution can scale. It is already a platform as a service, and therefore, it's already scaled up.

Our entire company is currently using the product.

I did not use technical support when I worked with the product. Therefore, I cannot speak to how helpful or responsive they are. 

We did use HashiCorp Vault. We used to use it, and then we moved to Azure Key Vault due to the fact that it's a cloud platform as a solution and it is easy to implement.

The initial setup was straightforward, however, we never used the console. We always used to use the Azure CLIs to set everything up.

The pricing is very reasonable. It's not overly expensive.

We're a Microsoft partner.

I cannot recall which version of the solution I used for the project I worked on.

Overall, it's a great product.

There's nothing I dislike about the solution. I would rate the solution at a ten out of ten.

The primary use case is for storing secrets.

It has improved our organization. We have been able to secure our passwords and secrets. We didn't have to add an extra tool in addition to this solution.

The most valuable feature is the ability to store secrets securely and encrypt them. It is pretty easy and straightforward to use.

I would like more code examples.

Over six months.

It is a reliable solution.

I have had no problems with scalability.

We are deploying it on 10 client systems.

I haven't needed support for this application. However, when I need support from Microsoft, I get it immediately.

I went straight to this solution.

The initial setup was straightforward.

Including research and getting up to speed with the technology, the deployment took less than a week for the PoC. Deploying it all the way to production took about a month. It took a week to determine that it was the right tool. It took another three weeks to implement in all environments, like UAT production and test. We tried it on a dev environment first, then we implemented it over different stages, like QA, test, and production. 

We deploy the solution in just one location.

I did the deployment.

It is a good deal.

The pricing is decent. It has a pretty low price. It is a straightforward cost based on usage.

I just went straight to Azure Key Vault.

Follow the Microsoft official documentation for this solution. It is pretty straightforward and very well documented.

I would rate Azure Key Vault as nine out of 10.

We primarily use the solution for key management.

The access policies are the solution's most valuable aspect.

The solution is very stable.

The scalability is very good.

The pricing of the product is reasonable.

Technical support is helpful.

The rotation of key needs improvement. It needs to offer dynamic secrets management.

I've been using the solution for about a year or so. It hasn't been that long.

The solution is very stable. It doesn't crash or freeze. There are no bugs or glitches. It's reliable. 

The solution can scale well. It's not a problem at all. If a company needs to expand it, it can.

Our clients tend to be enterprises, and aren't overly small. 

You do need a support agreement, however, from what I have seen, it's quite reliable and knowledgeable. It's easy to reach them and to work with them.

The initial setup has a moderate amount of difficulty. It's neither extremely straightforward nor overly difficult.

You do need a special agreement in order to receive technical support.

While I don't directly deal with pricing, my understanding is that it's okay, and not too expensive.

We are currently looking at other solutions in order to compare them. We are also using HashiCorp Terraform and looking into HashiCorp Vault.

We are just a customer and an end-users. We tend to use the solution for our clients.

For those companies that want to work with the solution, I'd advise that they consider the use of and integration with Azure's pipeline.

Overall, I'd rate the solution at an eight out of ten. We've largely been quite happy with its capabilities.

We use Microsoft Azure Key Vault for the secret management side of things; that's where all our application secrets are stored.

This solution speeds up the product development life cycle. That is, the time from product development to market is drastically reduced because of the CI/CD pipelines. You can have your code deployed within a matter of minutes. The entire pipeline, unit testing, and insights, even on the mobile apps, are powerful. We can even obtain crash analytics. So the entire life cycle has been really fast. Also, it's pretty easy to develop and then deploy web services within a matter of minutes.

The DevOps pipelines and the ease with which you can deploy the code through the CI/CD pipelines have been valuable features.

Azure has great documentation, but I would like to see more use cases pertaining to specific industries. For example, case studies on how to use HIPAA compliant solutions in the healthcare industry or how to use PCI compliant data analytics solutions in the financial technology industry would be helpful.

I've been using this solution for more than five years.

I think the stability is great.

I think Microsoft Azure Key Vault is very scalable.

Technical support has been absolutely splendid.

Overall, I would rate this solution at nine, on a scale from one to ten. 

However, if you're not looking to have your application tied to one cloud provider, then you should stay away from this solution. Once you are tied to a particular cloud provider, coming out of it will be very difficult.