Share your experience using IBM Cloud Certificate Manager

The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.

Use our online form to submit your review. It's quick and you can post anonymously.

Your review helps others learn about this solution
The PeerSpot community is built upon trust and sharing with peers.
It's good for your career
In today's digital world, your review shows you have valuable expertise.
You can influence the market
Vendors read their reviews and make improvements based on your feedback.
Examples of the 83,000+ reviews on PeerSpot:

Mayur B N - PeerSpot reviewer
Engineer at Blueocean
Real User
Offers good integration capabilities to its users
Pros and Cons
  • "The product's integration capabilities are good."
  • "Currently, our company has to add the secrets manually, one by one, in Azure Key Vault, which is a tedious process."

What needs improvement?

Currently, our company has to add the secrets manually, one by one, in Azure Key Vault, which is a tedious process. If the tool can provide a bulk option where we can have a CSV file and upload it, after which it switches all the keys and values from the CSV file and creates the secrets all at once, it would be helpful.

For how long have I used the solution?

I have five to ten years of experience with Azure Key Vault. I am a customer of the product.

What do I think about the stability of the solution?

Stability-wise, I rate the solution an eight out of ten.

Compared to all the cloud providers in the market, like AWS or GCP, I feel that Azure's stability is low. Azure has been in the news quite a lot of times for security breaches and other security-related stuff.

What do I think about the scalability of the solution?

Scalability-wise, I rate the solution a nine out of ten.

How are customer service and support?

I can't give a rating to the technical support because they have different support plans, and my company sticks to its basic support plan in which we get only community support and basic ticketing support, so you don't get to interact with the chat or any live customer executive.

How was the initial setup?

As long as the IAM permissions, the roles, and other permissions are clear, the deployment process is pretty easy.

My company deploys everything through Terraform scripts. Figuring out the TerraForm scripts from scratch took around eight to twelve weeks. The deployment part takes around minutes to a maximum of an hour. The infrastructure deployment doesn't take more than a few hours, especially if the Terraform files and configurations are correct.

A maximum of two people are required to take care of the product's deployment process.

What's my experience with pricing, setup cost, and licensing?

Azure Key Vault is expensive. I rate the product price a nine on a scale of one to ten, where one is low price, and ten is high price. Currently, the tool's monthly licensing costs are around 1,800 USD for all the environments combined, including the production and pre-production environments.

Which other solutions did I evaluate?

I know that AWS KMS and AWS Secrets Manager are similar to Azure Key Vault.

What other advice do I have?

I use the tool to manage encryption keys and secrets in our application. In our company's production environment, we have some secrets and certificates that need to be accessed by the Kubernetes cluster, which is why we store those secrets in Azure Key Vault. In Kubernetes, we have a SecretProviderClass, which helps us access those keys from Azure Key Vault and then give them to our applications.

Speaking about how Azure Key Vault plays a crucial role in our company's security strategy, in Kubernetes, you have to define environment variables for the application. In my company, we have around 60 to 70 environment variables, and most of them are sensitive. In Kubernetes, you define YAML files, and you can't directly use any values in YAML files and commit them to the GitHub commit because you will basically see the text values in YAML files. Instead, we store it in Azure Key Vault and then access those keys and values as variables for our company's applications.

In terms of the benefits of cryptographic key management features, I would say that my company has used only the secret option in the tool, so we haven't checked out the keys and certificates. In my company, we just store key-value pairs for variables in Azure Key Vault.

The product's integration capabilities are good.

The tool has a pretty good firewall, which allows my company to access only private networks and certain IP addresses. Everything else is good with the product.

My company doesn't use the policies in the product since we rely on roles and role assignments.

One person is enough to take care of the maintenance of the solution.

The product helps my company comply with the industry regulations since I believe that Azure Key Vault has its own set of SLAs and compliances, which we have gone through. I think Azure has some default compliance for each and every resource, which would be enough considering that I work in a very small organization where we didn't think of going into the details related to it.

Azure is a very good platform, but it is a bit expensive. I think the price is justified because of the reduced complexity and the way it handles things, considering that Azure manages certain things better than its competitors. The tool is a bit expensive, but the management and configurations would be less expensive from the user's side.

I rate the tool a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Prince Verma - PeerSpot reviewer
Cloud Infrastructure consultant at a computer software company with 201-500 employees
Real User
A cloud solution to secure and store managed sensitive information
Pros and Cons
  • "The solution uses the encryption technique to store the secret information data that uses EPCE. There is also one feature that monitors Azure Key Vault."
  • "They should improve its policies, which sometimes reapplied but don't sync properly between the Key vault and the role-based access. When I put some roles on the user side, it sometimes misses the end data to secure."

What is our primary use case?

We use the solution to secure and store managed sensitive information and cryptographic keys in an application secret.

What is most valuable?

The solution uses the encryption technique to store the secret information data that uses EPCE. There is also one feature that monitors Azure Key Vault.

What needs improvement?

They should improve its policies, which sometimes reapplied but don't sync properly between the Key vault and the role-based access. When I put some roles on the user side, it sometimes misses the end data to secure.

One feature that could be added is the transparency of Key stored. There could be a feature to monitor the Key Vault because we can't monitor the Key Vault with a third party. We can't configure the automation or sync the key vault. We store passwords and all those things.

The user intervention also needs to be implemented there. This allows the user to automatically change the password, ensuring that it synchronizes and updates across all stored keys.

For how long have I used the solution?

I have been using Azure Key Vault for two years.

What do I think about the stability of the solution?

The product is stable.

What do I think about the scalability of the solution?

The solution is scalable. If they improve certain things with the update, that will be a more scalable product. There are a lot of users that use the Key Vault because it is the organization’s choice.

How was the initial setup?

The initial setup is super easy.

There is a key that says, 'MS bug is there.' Azure has keyword secret information and connectivity issues. Azure File Share has Key connectivity issues. If we share some files and link through the Key, it loses connection.

What's my experience with pricing, setup cost, and licensing?

The product is expensive compared to other products. It is costly to install as data records are charged based on the data. The Key type and plans are the factors that affect the pricing.

What other advice do I have?

We are implementing Azure Key for certain projects. It completely depends on the project. Suppose your company gives us a project and asks us to implement Azure Key for other users.

I don't recommend it to everyone. It completely depends on the scenario base if you use a VM application or shared data. You can use Key Vault to secure information when transferring over the network. Sometimes, you are trying to assess your web information, and it is not working because of the connectivity issue due to some access control policies.

If you are the user and can work on the Azure portal or have access, you may be the support or IT person. You have the right to choose the architecture we must implement in our organization. They want to implement that on their user, but that's not a suitable option for everyone. We have 2,000 employees using this solution. We should have a strong plan to implement the Key Vault.

Anyone can learn Azure Key Vault within a day or two days.

There's a lot of work to do on the standalone side. If we are required to create a different workflow or automate it, then it's not possible or difficult to do that. If I want to keep the alerts on my email or team channel, that isn't easy to automate with the help of the Sentinel.

I need to use Azure Key Vault to ensure my application sends me refined data weekly. This data includes high and low alerts, which are sent to my email address or possibly generate an incident using a third-party API such as ServiceNow or Jira.

We can automate several things. We can fetch the log, but we can't automate that defender workflow itself in Container.

The solution is best because it completely secures passwords, which we can use to access.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: customer/partner
Flag as inappropriate