Azure Key Vault Reviews

We were using Azure Key Vault for secrets management because our bank has primary AWS and secondary Azure. We are now planning to build our PKI solutions in Azure. We are planning how we can leverage Azure Key Vault solutions for that, similar to Amazon Certificate Manager, which is a certificate store. Azure Key Vault can also be used for certificate storage.

Previously, without having Azure Key Vault, we had to hard-code the secrets when we tried to integrate. For example, we were doing the Azure Information Rights Management project where we used Azure Information Protection as the product. We have Exchange in a hybrid deployment, Exchange with Office 365, and we have DLP solutions. When an outgoing email goes out, the DLP will scan for any disclosures. In terms of integrating the DLP with Azure Information Protection, at that time, in the initial stage, we were hard-coding the secrets to connect an API call to Azure Information Protection. The API permission secrets are stored in DLP servers, due to which we got non-compliant by audit. Later, we planned to use Azure Key Vault and store these secrets in Azure so that they are not hard-coded in the application and it is easy to rotate. That is how we realized the benefit of Azure Key Vault.

The key management features in Azure Key Vault are the most valuable.

Azure Key Vault has HSMs in the backend to secure the certificates and secrets. It offers two or three-level grade protection.

In terms of Azure Key Vault improvements, we have to compare the competitor. If we consider AWS, our bank has Microsoft PKI, which is a Microsoft product, for the entire digital certificate infrastructure. Even in the cloud, when it is AWS, the internal certificates are MS PKI. When we had a problem, users had to come to on-premise to get a certificate and import it to AWS Certificate Manager and assign it. We wondered why we could not issue the certificate directly from the cloud for cloud users.

There was a simple way in AWS. They have a Private Certificate Authority (PCA) and Amazon Certificate Manager. Private Certificate Authority issues certificates to Amazon services. They also provide Amazon Certificate Manager to store and deploy certificates. These are two neat components - one is an issuer and another is storage and deployment solutions for certificates. With PCA, I can directly enable it and get certificates from AWS itself. AWS can issue SSL/TLS certificates if you enable it directly.

If you consider Azure, it is not very clear. Even the naming convention, Key Vault, might not suggest that this is a PKI or certificate manager. You cannot issue certificates directly. They have app certificates and did not have a clear-cut certificate management solution in the cloud when I worked at that time. I am not sure whether they have updated Azure Key Vault as a full-fledged PKI solution now. From what I saw, it was not a full-fledged PKI solution.

We are not majorly using Azure Key Vault because it is only for storing secrets. If some solutions can provide guidance on how we can maximize leverage, we can immediately look forward to doing that. We already have some business problems we want to solve. While our primary focus is AWS, many of the services such as ADO are running on Azure, and the secondary services are growing bigger.

Azure Key Vault has been in use at the bank for the last three to four years.

I would rate the technical support by Microsoft Azure a minimum of 8 to 9 based on my experience with the support.

Positive

The pricing of Azure Key Vault is nominal, not that expensive.

We are working on Azure PKI solutions and confidential AI, confidential compute. In both AWS and Azure, we are planning to build confidential compute and confidential AI. We are implementing AI solutions in the bank and want to secure those AI solutions, so we are considering how we can get the confidential compute to secure AI solutions.

We have not used the HSM-protected keys, but we already have HSM solutions in the bank for payments. We have not integrated with Azure and are not familiar with that.

For metrics, we do not use any such tools. We currently have a product called AppViewX that is used for our certificate lifecycle management. Currently, it is from on-premise, and we even issue certificates for cloud and send alerts. The AppViewX provides a dashboard where we can see the status of certificate issuance and the performance of the applications. This is an area where we need to improve. That is why we are planning if we can put MS PKI directly into Azure via InTune and use Azure Key Vault to manage the solutions.

The interface of Azure Key Vault is quite simple. It is easy to implement solutions, very fast in terms of integrating, and the UI is excellent.

I rate Azure Key Vault a seven out of ten.

Currently, I am not working in Azure cloud, as I work with different products. However, in my previous role, I worked extensively with Azure networking products including Azure Firewall, Virtual Network, and VWAN, site-to-site VPN, and ExpressRoute. I also worked with DevOps-related and database products including Cosmos DB, SQL Managed Instance, and Redis.

I worked on Azure Key Vault, where we stored valuable items including certificates and keywords related to the project. Access was restricted to only limited personnel for security purposes. We used VPN to connect and ensured that keyword-related information was only accessible within the private network. These were the key options we utilized in Azure Key Vault.

I have been working with Azure Key Vault for almost three years. We used the Azure AD option to restrict access so that only certain people could view specific information. In projects where webpages needed to access this information, we configured permissions based on Azure AD levels to control who could access what data.

Based on my three years of experience, I believe there have been no updates to Azure Key Vault. I think the product needs upgrades in terms of access control and certification improvements. While Azure Key Vault is highly recommended due to its availability and ability to store confidential information, improvements are needed regarding access permissions and certification management.

I have been dealing with Azure Key Vault for almost three years.

We did not use Application Gateway in our project, as we only used the load balancer because we used the firewall to change the IP address. We did not use any WAF on the Azure side because we used Cloudflare WAF.

Technical support from Azure responds as quickly as possible without any delay. I rated this aspect 8 out of 10.

Positive

I switched to other products four months ago, so I do not have information about updates since then. Regarding key rotation, we did not use this feature because creating a new key would cause the application to stop during production. If key rotation were used, it could generate a new key option, but I am not fully aware of all its capabilities. I do not have detailed information about updates as I am not currently in that area. We worked as a partner with Microsoft on one project. I rate Azure Key Vault 8 out of 10 overall.

We basically use the solution for keys for data encryption at rest and for storing certificates. 

It integrates well with Azure services and is easy to use and quick to provision. We use it as part of our DevOps pipeline. When we have to provision a new account, we first provision the key and then use the keys for encryption of data tests. It has role-based access, maker-checker mechanisms, and all that, which is helpful.

When I made the support statement, it was about generic Azure support. In Azure, if I have an issue, I raise a case. That case initially goes to a common support bucket and then gets routed depending on the product after the first level of triage. Generally, that process is weak. The skill level of the support staff is also questionable.

Regarding stability, it is ten out of ten.

Generally, that process is weak. The skill level of the support staff is also questionable.

Neutral

We use only Entra Free. We are planning to buy protection for Entra.

Key has a private cloud area as well where we use some collocated and hosted types of environments. Entra is part of Azure only. We use Entra, however, we don't use IoT. We don't use that. As for Azure Private Link, we have it implemented with a couple of clients yet not significantly. That is all there at the group level. My company doesn't have it. We use Entra Free IDs only, which is used for identity on the cloud only. That is something we are working on right now. Otherwise, we use only Entra. We use Key Vault. The product rating is ten out of ten.

I mainly use the solution for storing secrets and certificates.

Everything is generally good, with nothing specific standing out. I assist with the secret storing process, whether it involves secret storing or using the Key Vault for certificate storing. 

Primarily, I use the Key Vault for storing multiple SSL certificates and handling other related tasks. These features are, in my opinion, very good.

I am not on the developer's end. I am primarily the main infrastructure person. I'm not sure what needs improvement.

Sometimes, we face issues that the support team is not aware of, necessitating investigation from their end. For example, one of our certificates was not getting deployed, and during that time, the support team was unsure and had to connect with the back-end team for assistance. Improvements can be made in this area, however, it's understandable that not everything can be perfect.

I have used the solution for more than five years.

On a scale of one to ten, it's ten. Stability is very good.

On a scale of one to ten, scalability is rated at an eight to nine.

On a scale of one to ten, support is at an eight.

Positive

Previously, we were on-premise. So, there was no scope for this Key Vault kind of functionality.

The setup is easy. We primarily use infrastructure as code, so it is easy to deploy.

I find the pricing to be good.

From an infrastructure perspective, it is all good. 

Overall rating: eight out of ten.

I mainly use it to store secrets, private keys, security keys, and related items. I utilize Key Vault for encryptions and decryptions for databases. It also helps me with key rotation, autorotation, and provides alerts for any risks or concerns. These are the features I am using.

One valuable feature is the auto-expiry notifications, which are helpful since I need to keep rotating private keys and certificates. These features assist me significantly. 

In terms of the authorization aspect, policies are beneficial in facilitating password and key changes. It also helps me increase my security posture and assists with regulatory and compliance requirements. 

It simplifies demonstrating in audits how I manage security in terms of rotation, password, and storage for encryption and decryption, whether in transit or at rest. These are very beneficial aspects.

As of now, there are not any significant areas for improvement. I would suggest making the user interface a bit more friendly. I still use many commands and manage them through Terraform, subscription services, and similar methods. It would be beneficial for me to have a more robust desktop interface for Key Vault, similar to the interfaces provided by Azure Storage or Amazon S3 for managing storages.

I have been using it for more than five years now.

The support service is good. I typically deal with enterprise subscription-based services. They are available all the time, and their knowledge base and troubleshooting support are very helpful.

Neutral

I have only worked with Key Vault and its competitors, alongside mastering other services.

The setup is simple.

The setup cost is low, as my usage is not extensive. I would classify it as low priced.

Overall, I would rate the solution a ten out of ten. It is excellent.

My key use for Azure Key Vault is for saving private information like passwords for accessing databases or other services and also for application keys that need to be kept secret. 

I save everything secret in Key Vault, and Key Vault also rotates passwords. I rotate all the keys in the system every week, I think, and I use a product I don't remember the name of. 

Basically, every new project I start has at least one Key Vault attached to it in order to save the secrets. I use at least one Key Vault for every new project.

The integration management of access to Key Vault is beneficial for me. The idea is that I can grant the application access to the Key Vault without having any password saved in a file. I use the integrated identity management of Azure to control the access, which is a strong solution for me. All secrets are in the Key Vault, and access is managed by the integrated management in ITT, which Azure provides to the services.

The whole problem of password rotation could be improved. My security area wants to rotate passwords every day, every week, or every month, depending on the services. Password rotation related to QR needs enhancement, and I think this area could be more integrated. Currently, I use an external tool for password rotation, but it could be managed more internally.

I have been using the solution for several years, as I started a few years ago. I started using Azure security around six to eight years ago.

I haven't had any problems.

This question is not applicable. Key Vault has no scalability problems because this is not a question for Key Vaults.

I am a user, specifically from an industrial company, and I am a final user. I have a strong relationship with Microsoft since we are one of their best clients in Spain, and my relationship with Microsoft is quite good.

Positive

I have experience working with Azure Key Vault. I use Deepgram.

I don't remember the initial setup because I had some issues at the beginning, but that was six years ago. I am not currently close to the people who manage this area. I automated this process six years ago. The VP goals are created using the automation I developed.

I am a user, specifically from an industrial company, and I am a final user.

Pricing is not something I am concerned about. In Azure, there is no keyboard listed. When I look at cost diagrams, the keyboard doesn't appear. It is not a concern for me. If I don't know the cost, it's not a priority. There are more important cost-related issues in Azure to resolve. The keyboard is insignificant among my twenty priorities. Cost management is not.

For AWS, I use AWS Secret. I try to use the tool I have to manage separate passwords in each cloud. I use Key Vault only in Azure and have thousands of Key Vault instances, but only for Azure.

When talking about thousands of servers and thousands of QoS, it's about a medium-sized oil company. 

The product rating is eight out of ten.

We have been using Azure Key Vault for general activities, such as when we are calling some API or something similar in Azure Data Factory, we store the secret values or API keys for that purpose.

I have mostly used the secrets in Azure Key Vault, which are pretty efficient to store the keys and secret values.

Azure Key Vault is pretty efficient when we talk about the application of data warehousing synapse and ADF services that we have in Azure. We have direct integration and connection available to integrate with the key vault, making it very efficient.

Since implementing Azure Key Vault, I have observed that instead of storing plain values, we can store them securely as and when required. That is the main purpose.

Azure Key Vault is stable and very easy to use.

The response time can be improved.

I don't have anything specific in mind because the integration in Azure Key Vault is very efficient with all applications I use.

Azure Key Vault's technical support by Microsoft Azure is very good.

Positive

Azure Key Vault should support AI-driven applications, but I don't work in AI.

Based on my experience, I would recommend Azure Key Vault to others.

I am going to continue using the product in the future.

I would rate Azure Key Vault 10 out of 10.

Azure Key Vault is used for passwords. Instead of adding the password to everything, you can add them to Azure Key Vault and directly use it whenever required, in whichever place it's needed.

The solution's most valuable features are reusability and safety. You don't have to type everything every time or remember things. Regarding safety, you don't have to keep track of the passwords. You can directly access those particular things in one go and at one particular location. You don't have to worry about password protection because it is handled by Azure.

Azure Key Vault has a lot of glitches. The solution's trial version should provide some more facilities so that people can try them and then decide whether to implement the tool in their project.

I have been using Azure Key Vault for three months.

Azure Key Vault has a lot of glitches. We faced an outage yesterday because some of our flow executes on ADF, and it failed. We have to continuously raise tickets with the support team. The outages impact our daily jobs.

I rate the solution’s stability a seven out of ten.

Azure Key Vault's scalability is good because it's a cloud-based solution. It is far better than on-premises tools, which is a good thing.

The solution's technical support is fine. However, I am not happy with the kind of acknowledgment Azure provides. If you're making changes to the tool that will impact the end user, you should inform them beforehand.

Neutral

The solution’s initial setup is easy. Since Azure Key Vault is a cloud-based service, you don't have to install it.

With Azure Key Vault, you get everything in one portal and don't have to go anywhere else, which is a good thing.

The solution's access policy is important. You can directly provide the kind of access you want to grant to any particular user or batch of users rather than monitor which particular user should assign which particular task and what things can be seen by which particular user. Those kinds of restrictions can be added directly using the access policy.

You need to maintain the solution. If the credentials are getting expired, you have to provide an update on that. One person is more than enough to maintain the solution.

Overall, I rate the solution a seven out of ten.

We use the solution to store passwords, some information, and authentication.

The slow response from the support team is one of the shortcomings of the solution that needs to be improved.

My organization has been using Azure Key Vault for two or three years, and I'm fairly new to the organization. I have been using the solution for six months. We use a lot of services on Azure. 

It is a stable solution.

Regarding how extensively it is used in your company, it is used for anything on the cloud where we need any service, especially user-facing ones. 

Around 800 to 1,000 users in my company use the solution. Also, it is important to note that there are around 150 to 200 people in the technology department.

The support team has been decent, at least for us, because we have a contract, and we paid for a good SLA. So far, the support has been good. I rate the overall support an eight out of ten.

Positive

I have worked with Windows Active Directory. Azure Key Vault is not something I directly use in my application because I'm not on the infrastructure side. I am more on the application development side.

The solution is deployed on the public cloud.

For the maintenance of the solution, no more than four people are needed. Even then, four would be an enhanced number.

We have an infrastructure team that looks after it. I don't think there is anybody dedicatedly to looking after Azure Key Vault. But we have an enhanced infrastructure team, which looks after pretty much everything, especially the big administrative things on the cloud.

The deployment process was straightforward.

I am satisfied with the product overall.

I would definitely recommend the solution to small companies planning to use it since it is quite straightforward.

Overall, I rate the solution a nine out of ten.

We wanted to tokenize the PCI data stored in the database. We are using Azure Key Vault to store the keys for the data tokenization. We store secret keys and drive encryption keys in Azure Key Vault.

We require customer-managed keys or Bring Your Own Key (BYOK) for certain things. With Azure Key Vault, we can generate our own keys and then import them inside the system, which provides a higher level of security than provider-managed keys.

As of today, there is limited support for third-party vendors. You are forced to work with the vendors that Azure approves. Only a few and not all third-party vendors are supported on Azure Key Vault. It would be great if Azure allowed more third-party vendors into the ecosystem.

Currently, the solution's pricing is based on the number of transactions, which is very high in some cases. The solution's pricing could also be reduced.

Currently, dedicated Azure Key Vaults are not available in the UAE region. We are using a shared solution with other customers. There is a great need for certain customers who want dedicated hardware-based or physically segregated Azure Key Vault.

I have been using Azure Key Vault for more than 1 year.

Azure Key Vault is a very stable solution.

The solution has very good scalability. More than 15 users use the solution in our organization.

I rate Azure Key Vault a nine out of ten for scalability.

The solution's technical support is not that good. Whenever we identify a particular issue and raise it as a Key Vault issue, the calls keep bouncing between people. Since Microsoft has a different subject matter expert for everything, we face a lot of issues trying to find the right person. For example, if we have an issue with drive encryption, they will get us an Intune expert. It's hard to reach the right people.

Most of the time, the people who call quickly are unaware of the product and are mostly gathering information. We get a lot of calls from people who keep asking the same questions regarding our version and software. So, it takes quite some time to get to the expert.

I previously worked with Thales. Thales is a completely hardware-based solution, and its installation and configuration are way more complicated than Azure Key Vault. Since Azure Key Vault is a SaaS solution, installing and deploying it is much easier.

The solution's setup process is simple if you're using native technology. However, it's a little complicated if you're using third-party applications or software.

Azure Key Vault is a very, very expensive solution. Currently, the solution's pricing is based on the number of transactions, which is very high in some cases.

Azure Key Vault provides a very good interface wherein we can continuously change or recycle the keys seamlessly. This automatic mechanism is much better than the typical process of changing keys or certificates. The solution takes backups before the keys expire and informs us in advance when the keys will expire.

There is something called rainbow keys. I can generate certain read-only keys that even the administrator cannot delete. The access control is very granular. I can provide access control on certain keys so that only a specific person can access them. We have deployed Azure Key Vault on the cloud in our organization.

Azure Key Vault is the best solution for Microsoft users. If you use another cloud provider, you will have to find a solution that works across all of them.

Overall, I rate the solution a seven out of ten.