Azure Key Vault

Azure Key Vault is a cloud service for securely storing and managing secrets (API keys, passwords, connection strings), encryption keys (used to encrypt data), and certificates (TLS/SSL certificates for applications). Instead of embedding sensitive values in application code, configuration files, or environment variables, applications retrieve them from Key Vault at runtime, keeping credentials out of source code and deployment artifacts.

Key Vault comes in two tiers. Standard protects secrets and certificates using software-based encryption. Premium adds support for Hardware Security Module (HSM)-protected keys — cryptographic operations are performed inside tamper-resistant hardware, providing FIPS 140-2 Level 2 (Standard) or Level 3 (HSM) certification. A separate offering, Managed HSM, provides a single-tenant, fully managed HSM for the highest-assurance requirements.