Azure Key Vault OverviewUNIXBusinessApplication

Azure Key Vault is the #1 ranked solution in top Enterprise Password Managers, #1 ranked solution in top Certificate Management Software tools, and #6 ranked solution in top Microsoft Security Suite tools. PeerSpot users give Azure Key Vault an average rating of 8.6 out of 10. Azure Key Vault is most commonly compared to AWS Secrets Manager: Azure Key Vault vs AWS Secrets Manager. Azure Key Vault is popular among the large enterprise segment, accounting for 69% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.
Azure Key Vault Buyer's Guide

Download the Azure Key Vault Buyer's Guide including reviews and more. Updated: March 2023

What is Azure Key Vault?

Microsoft Azure Key Vault is a cloud-based data security and storage service that allows users to keep their secrets safe from bad actors.

Benefits of Microsoft Azure Key Vault

Some of the benefits of using Microsoft Azure Key Vault include:

  • Secure your secrets in a single central location, enabling you to control how your information is disseminated.
  • Keep your data away from bad actors. Application administrators can store their application’s security information away from the actual application. Microsoft Azure Key Vault reduces the chance that a bad actor will be able to leak an application’s secrets. Because the data is not stored in the code of the application, hackers will be unable to steal the security information.
  • Retrieve your information securely. When the information is needed, the application can securely retrieve it by using a uniform resource identifier (URI) to connect to Microsoft Azure Key Vault.
  • Securely store your digital keys and secrets. Microsoft Azure Key Vault stores data behind layers of security protocol. No one can access the information stored in a Microsoft Azure Key Vault without first obtaining the necessary authentication and authorization. The authentication process allows the system to figure out who is trying to access the vault in question. This process is performed by Azure’s Active Directory. After the person or entity is authenticated, Microsoft Azure Key Vault then assigns them a level of authorization. This determines what sort of actions they will be able to perform.
  • Choose from two different authorization options. The level of a user’s authorization can be either role-based or dictated by a policy that the administrator sets. Azure’s role-based access control (Azure RBAC) enables users to both manage and access stored data. A key vault access policy limits users to data access.
  • Secure your data in the way that best fits your needs. Your data can be protected by either industry-standard algorithm software or hardware security modules (HSMs). Your data is even safe from Microsoft, as the vaults are designed so that not even Microsoft can get in and access the information.
  • Easily monitor who accesses your vault(s). Microsoft Azure Key Vault enables administrators to keep a close eye on their secrets. Users can activate a vault-logging feature that will track every piece of information. It will record who accessed the vault, when they accessed it, and other pertinent details.
  • Choose how you want to store your logs. Users can store logs in multiple ways. These logs can be archived, sent to the Azure monitor logs area, or streamed to an events hub. The logs can be secured to prevent unauthorized viewing and deleted when they are no longer needed.

Reviews from Real Users

Microsoft Azure Key Vault stands out among their competitors for a number of reasons. Two major ones are the overall robustness of the solution and its ability to protect and manage many different digital asset types. The many features that the solution offers allows users to tailor their experience to meet their specific needs. Its flexibility enables users to accomplish a wide variety of security and identity management related tasks. It empowers users to secure a wide array of assets. Users can keep many different types of secrets away from bad actors.

A cloud architect at a marketing services firm writes, “All its features are really valuable. It's really well thought-out. It's a complete turnkey solution that has all the concerns taken care of, such as access control and management. You can use it in infrastructure as code to create key vaults, APIs, PowerShells, CLIs, even Terraform. You can also use it in different services across the board. If you have app services, or virtual machines, Kubernetes, or Databricks, they can all use Key Vault effectively. In my opinion, in a DevSecOps, DevOps, or even in a modern Azure implementation, you have to use Azure Key Vault to make sure you're addressing security and identity management concerns. By "identity" I mean usernames, passwords, cryptography, etcetera. It's a full-blown solution and it supports most breeds of key management: how you store keys and certify.”

Roger L., the managing director of Cybersecurity Architecture at Peloton Systems, says, “The most valuable aspect of the product is its ability to keep our admin password accounts for keys and a lot of our high-value assets. It can manage those types of assets. So far, the product does a great job of managing keys.”

Azure Key Vault was previously known as Microsoft Azure Key Vault, MS Azure Key Vault.

Azure Key Vault Customers

Adobe, DriveTime, Johnson Controls, HP, InterContinental Hotels Group, ASOS

Azure Key Vault Video

Azure Key Vault Pricing Advice

What users are saying about Azure Key Vault pricing:
  • "Key Vault, like every Azure service, has a cost associated with it, but you don't have to spend thousands of dollars to spin up an environment to build a key management system. It's already there."
  • "Azure is cheaper than CyberArk... CyberArk is good, but it's quite expensive."
  • "The pricing is reasonable and flexible, especially for those already using Microsoft Azure Cloud services. There is a cost associated with retrieval and storage, which is a few dollars. Otherwise, the price can be customized according to requirements, such as how many keys need to be stored."
  • "The price isn't high. Any sized organization could easily adopt it. The first 250 keys are available for $5 per month."
  • "Pricing is quite reasonable and support is included, although premium support is available for an additional fee."
  • "I find the pricing of Azure Key Vault to be reasonable."
  • "I give the price of the solution a ten out of ten."
  • Azure Key Vault Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Cloud Architect at a marketing services firm with 11-50 employees
    Real User
    Top 20
    Enables you to run infrastructure as code, to fully automate creation, management of, and access to, keys
    Pros and Cons
    • "All its features are really valuable. It's really well thought-out. It's a complete turnkey solution that has all the concerns taken care of, such as access control and management. You can use it in infrastructure as code to create key vaults, APIs, PowerShells, CLIs, even Terraform."
    • "If you check the capabilities of other key management services across Amazon, HashiCorp, and Google, there are features that Key Vault doesn't have. It could be the case that when you use Key Vault, you might be forced to use a third-party solution to get certain services. If those services could be included in Key Vault, there would be diminished reasons to go for a third-party key management system."

    What is our primary use case?

    I have used the solution on a couple of projects for a client, mainly for storing credentials and secrets, such as API keys and application or username passwords into the vault, as well as certificates. 

    It is used for anything we need to keep safe and secure and not have users access, except via applications that programmatically access Key Vault and retrieve the secrets and connect to other APIs. That way, we don't supply usernames and passwords within application code or to people. We vault them in Key Vault and those secrets can be used within an application without human intervention.

    Azure Key Vault is a SaaS solution.

    How has it helped my organization?

    You have to have this to make sure that you're compliant with security and governance. One of the main concerns with compliance is how you manage keys and secrets in your cloud environments. You're encrypting your data at rest and in transit, but where do you store the encryption key itself to not become compromised? Key Vault addresses all those concerns. This is one of the main tools and, without it, it's hard to implement and address one of the main pillars of cloud architecture, which is security.

    The whole nature of it is to help make things autonomous, because you can run infrastructure as code. That really takes away the human factor and you can fully automate the creation and management of, and access to, the keys, including the rotation of the keys. By taking away the human element, it's really secure. And, implementation-wise, when you're using Key Vault, Microsoft is behind it and they're using the best methods for encryption and ciphering of keys. You don't have to worry about those things.

    It really simplifies the whole process, in contrast to needing in-house experts to help you facilitate key management. When it comes to two main concerns, encryption of the data in transit and at rest, it is a service that is with you all the time. It has a low cost and it's ready to implement. You don't have to have 10 developers build something that you don't even know will be successful, versus a service that has already been tested across global enterprise companies.

    What is most valuable?

    All its features are really valuable. It's really well thought-out. It's a complete turnkey solution that has all the concerns taken care of, such as access control and management. You can use it in infrastructure as code to create key vaults, APIs, PowerShells, CLIs, even Terraform.

    You can also use it in different services across the board. If you have app services, or virtual machines, Kubernetes, or Databricks, they can all use Key Vault effectively. In my opinion, in a DevSecOps, DevOps, or even in a modern Azure implementation, you have to use Azure Key Vault to make sure you're addressing security and identity management concerns. By "identity" I mean usernames, passwords, cryptography, et cetera. 

    It's also a regional solution and it frees you up from using third parties like HashiCorp Vault, for example.

    In addition, there is a feature in Azure called managed identities, and when storing your credential or any keys or secrets in that you can have your code use managed identities to access Key Vault. That simplifies the whole process of connecting to Key Vault and retrieving your secrets, passwords, and credentials. 

    It's a full-blown solution and it supports most breeds of key management: how you store keys and certify. 

    I can't say that one of its features is better than others. You have to have all of them to make it a competent service, although one of the especially important features is the connection with monitoring and logging, so you can see who had access to what.

    What needs improvement?

    If you check the capabilities of other key management services across Amazon, HashiCorp, and Google, there are features that Key Vault doesn't have. It could be the case that when you use Key Vault, you might be forced to use a third-party solution to get certain services. If those services could be included in Key Vault, there would be diminished reasons to go for a third-party key management system.

    Buyer's Guide
    Azure Key Vault
    March 2023
    Learn what your peers think about Azure Key Vault. Get advice and tips from experienced pros sharing their opinions. Updated: March 2023.
    688,618 professionals have used our research since 2012.

    For how long have I used the solution?

    I was using Microsoft Azure Key Vault until two years ago, but since then I've been actively using it for two or three different projects.

    What do I think about the stability of the solution?

    It's stable. There is the SLA and the resiliency that goes with Azure. Because many services are dependent on Key Vault, if it's highly available and redundant, it helps a lot. You can imagine how many times applications would go down if Key Vault were not available. It is one of the high-demand services. Anything that needs to access a key or a certification is dependent on Azure Key Vault. 

    So far, compared to other services that are available in the Azure environment, I haven't seen anything surprising with the stability or availability of Key Vault.

    What do I think about the scalability of the solution?

    It's scalable and global in its performance. I have implemented it for one of the largest pharmaceutical companies in the whole world, a company that operates on a global scale. Key Vault is a main ingredient for every one of their infrastructure pieces that is tied to it. The scale of that company in its use of Key Vault was phenomenal.

    How are customer service and support?

    I haven't needed to contact Microsoft support about Key Vault. There have been instances when I have had to talk with Microsoft support about Graph API for Active Directory and other services, and even to the cloud adoption framework team, but never for Key Vault. It is just so straightforward.

    How was the initial setup?

    The complexity depends on what you're trying to do with Key Vault. It can get complex or it can be simple. You don't expect advanced scenarios to be easy to implement because it has many ingredients. If someone is simply going to Azure portal to create a secret and retrieve it, it's simple. But if you want to tie in your services, and have role-based control over who can access keys, and what services are tied to the keys, it gets complicated. But that's not just Azure. That complexity comes with the level of complexity of the scenario.

    Key Vault is easy to use because there are many APIs and mechanisms to create and retrieve. The concepts are easy. I use it in many scenarios, such as building infrastructure as code, consuming it in Kubernetes. Everything seems to be straightforward. It is really the de facto for key management and vaulting secrets. 

    For example, one of the applications recently we developed needed to store the username and password of the service that connects to SQL Server. I found it was super-easy to tie the credentials within the application configuration files to Key Vault to retrieve the keys. It was a no-brainer for a developer to learn and do it. It took about 15 to 30 minutes to follow the documentation. And it has really nice documentation. Performing any action using the features of Key Vault is really easy as it's user-friendly. Depending on your level of skill, the deeper you get, the more features you can use.

    What's my experience with pricing, setup cost, and licensing?

    Key Vault, like every Azure service, has a cost associated with it, but you don't have to spend thousands of dollars to spin up an environment to build a key management system. It's already there.

    You pay as you go, similar to other services in Azure.

    Which other solutions did I evaluate?

    There are many other tools that I am still using, including AWS Secrets Manager, CyberArk, and Conjur, but none of them is close to Key Vault.

    One of the benefits of Azure Key Vault is its integration with Active Directory, as is the case with most of the services in Azure. That really adds something to all the services.

    Also, Managed HSM is not available in those other solutions. You have to go with HashiCorp Vault to get that. 

    In addition, the key rotation feature of Key Vault is a lot better than in AWS Secrets Manager. CyberArk and Conjur, are more one-off products for specific use cases. You have to purchase a license and implement and manage them yourself, and not everything works seamlessly in CyberArk.

    Conjur was good until Key Vault supported containerization. Azure created services for using blob storage, and those features of Key Vault came naturally as part of the whole cloud stack. 

    Key Vault covers different problems for various personas and roles. As a developer, you get a lot of benefits that you don't get when you start developing with other tools, excluding HashiCorp Vault. HashiCorp Vault is really neat, and the only downside is that you have to manage the infrastructure yourself.

    What other advice do I have?

    I'm a cloud architect. If I don't see that Key Vault has been included in a proposed architecture, I don't approve it. It's a main ingredient in any cloud enterprise infrastructure and architecture. When you're using Azure, you have to have this or a third-party solution. If someone shows me a third-party solution, I have to ask, "What's the cost of owning this component that you're adding to the architecture? Is it included, like Key Vault, or do you have to pay for it like with HashiCorp Vault?" With Azure Key Vault you have something that is free, enterprise-level, global, and it just works.

    I don't know if we could survive without Key Vault in a cloud implementation and still call it a secure platform. These days, you have to have Azure Key Vault or some third-party mechanism such as HashiCorp Vault. You need something that addresses key management in your cloud environment. But why should you pay for extra resources, costs, and management overhead, if everything is managed by Azure itself?

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    CyberSecurity Director of Intelligence at a tech services company with 1-10 employees
    Real User
    Top 20
    Straightforward to set up, robust, and helps improve security
    Pros and Cons
    • "Among the features that have helped improve our security posture are storing secrets in a secure location to create a trusted situation, trusted resources, and incorporating identity access management so that we know who has access to what."
    • "One of my previous clients was one of the big banks here in the Netherlands and the EU courts have stated that Microsoft Azure Key Vault is not, according to their perspective, secure due to the fact that Microsoft has access to Key Vault."

    What is our primary use case?

    We use it for storing secrets for different accounts. If a service account or a storage account or a resource needs access to a resource, and there's a password involved, you would book out a password, and access Key Vault to gain access to the password, and get access to the resource.

    How has it helped my organization?

    The ability to use identity access management incorporated with RBAC is important for us. It helps us ensure the governance and security posture is secure and logical.

    What is most valuable?

    Among the features that have helped improve our security posture are storing secrets in a secure location to create a trusted situation, trusted resources, and incorporating identity access management so that we know who has access to what.

    In addition, it hasn't affected our end-user experience. It's seamless.

    What needs improvement?

    One of my previous clients was one of the big banks here in the Netherlands and the EU courts have stated that Microsoft Azure Key Vault is not, according to their perspective, secure due to the fact that Microsoft has access to Key Vault. If you cannot demonstrate that only you, as an organization, have access to your secrets, then you are not in control of your secrets. That is a concern.

    Also, a big issue is the configuration. It could be that the people working on the solution, the system engineers, might lack knowledge and not incorporate all the best practices from Microsoft. The way they've implemented it might not be the way Microsoft envisioned it. It's always back to who's implementing what for you as a solution.

    For how long have I used the solution?

    We've been using Microsoft Azure Key Vault for two to three years.

    What do I think about the stability of the solution?

    It's robust. It's good.

    What do I think about the scalability of the solution?

    The scalability is very good. It's up to your imagination and how big you want to make your resilience and high availability and so on.

    We have plans to increase our usage because we are going to launch new websites for specific regions. There will just be more resources needed.

    How are customer service and support?

    Microsoft has a support team that calls our security team every two weeks to discuss any topics and issues, and to talk about topics of the day or the week. It might be about resilience or expansion or features that are changing and new releases. It's good to have a meeting at least every two weeks that gives us the opportunity to speak to Microsoft account management.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup was straightforward. It's already incorporated in Azure, so you can just use it. It took minutes to deploy.

    What was our ROI?

    The ROI is due to the fact the services keep on growing. It's better, it's more secure, and it grows. It's becoming a better product.

    Which other solutions did I evaluate?

    Our customer did not evaluate other products. They mostly want to do things native to Microsoft Azure, so that's their first port of call. And if Azure services cannot provide the functionality that they need, then they will go and look outside.

    What other advice do I have?

    Other service providers try to lower the prices, but it all depends on your development environment and your core skills. You are a bit more stuck if you are coding in .NET. If you go down that route, you can't easily move out to another service provider. Maybe you can go the route of adding a new team with a different service provider, but then you will need to mash it together. You would need to evaluate if that is a good option.

    We have about 70 developers and they are in different teams. They interact with third parties and they have different roles, including front-end and back-end developers. Each one creates services for different websites for different regions, to sell e-vape cigarettes. And we have team leaders who use it as well. There's a security team of five people responsible for the infrastructure of Azure, including creating new resources or whatever is necessary for the dev teams. There are also operations management and product owners who make decisions on schedules, what will be built, and priorities.

    Deployment and maintenance are part of the security engineers' work, to manage any issues. Sometimes the dev teams get involved with root cause analysis if something is going wrong with a web application. We have a team for certain maintenance tasks and requests.

    The biggest lesson I've learned from using this solution is: "Stay secure."

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Azure Key Vault
    March 2023
    Learn what your peers think about Azure Key Vault. Get advice and tips from experienced pros sharing their opinions. Updated: March 2023.
    688,618 professionals have used our research since 2012.
    Information System Security Engineer at a non-profit with 1,001-5,000 employees
    Real User
    Integration with applications is easy, but key rotation needs notable improvement
    Pros and Cons
    • "The best feature is the integrity of the .NET applications in our company."
    • "The big problem with Azure Key Vault is key rotation. We haven't found a good way to synchronize the credentials between the databases and Key Vault."

    What is our primary use case?

    Our primary use case for Azure Key Vault is cloud applications that are being developed and deployed on Azure. In addition, we use it to store secrets that are used for on-premises applications.

    What is most valuable?

    The best feature is the integrity of the .NET applications in our company.

    What needs improvement?

    The big problem with Azure Key Vault is key rotation. We haven't found a good way to synchronize the credentials between the databases and Key Vault.

    For how long have I used the solution?

    We have been using Microsoft Azure Key Vault for about one and a half years.

    What do I think about the stability of the solution?

    Azure Key Vault is stable. We haven't had issues with it in terms of reliability.

    What do I think about the scalability of the solution?

    The scalability of Key Vault depends on how we develop applications. The technical part of integrating between the cloud and Key Vault is easy. It's more that the development of life cycle processes needs to be improved. That's one of the big problems. They have to improve it so that all projects and all servers achieve integration easily. But that's not so much an Azure Key Vault issue. It has more to do with the processes of our company.

    We don't look at the number of users but, rather, what are called service principals in Azure Key Vault. We have a lot of service principal applications.

    How are customer service and support?

    Our first step is always to try to find issues ourselves. If we can't handle an issue we escalate the request to a local Microsoft support provider. If they don't have the answer, they go directly to Microsoft.

    Which solution did I use previously and why did I switch?

    We have been using Azure Key Vault and Centrify. We have begun a migration to CyberArk because our provider told us about a technology change and offered to migrate us from Centrify to CyberArk. We are looking to understand what CyberArk's capabilities are in comparison with Azure Key Vault. We are trying to decide which option is the best one to go with. What we have learned is that each product has particular issues that make us think that we need to keep both. The issue we have is with the rotation of databases and servers. CyberArk accomplishes it better. That's why we are trying to integrate these two solutions.

    How was the initial setup?

    It's not complex to set up. It's easy to configure secrets.

    What can be a little difficult is establishing a good design and governance of the Key Vault repositories. Sometimes it's difficult to understand if we need one key vault or multiple key vaults. Do we need a key vault instance for an environment or do we need multiple key vaults for our databases or maybe multiple key vaults for the segregation of services according to on-premises and cloud? But creating a secret and integrating an application you're going to consume the secret with is easy.

    We have four operators responsible for Key Vault and CyberArk.

    What's my experience with pricing, setup cost, and licensing?

    Azure is cheaper than CyberArk. You can configure a lot of applications with it, but the key rotation issue is there. CyberArk has good key rotation. It integrates with a lot of technologies and a lot of different types of databases. CyberArk is good, but it's quite expensive. 

    Both Azure Key Vault and CyberArk are paid annually.

    What other advice do I have?

    I would rate Azure Key Vault a seven out of 10 because of the key rotation issues. They are a big problem. The integration of the application is easy, but key rotation is not easy. It needs a lot of improvement.

    From what I have seen from CyberArk in terms of services, key rotation, and its integration with technologies, it's quite good. The big problem is its pricing. I would rate CyberArk at 8.5 out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    IT Project Manager at Orange España
    Real User
    Top 5Leaderboard
    Stores confidential and secure information in an encrypted way, protecting our keys from threats or theft
    Pros and Cons
    • "The solution does an excellent job of storing and retrieving our stored keys."
    • "Better integration with other third-party cloud providers, such as AWS and GCP, should be there. That's something I expect from a Microsoft-built product."

    What is our primary use case?

    We use the solution to store our keys securely because authentication, encryption, and endpoint keys are significant concerns. Azure Key Vault allows storing confidential and secure information in an encrypted way, protecting our keys from threats or theft.

    We have over 100 end users spread over geographically diverse areas in the US, Europe, the UK, Asia Pacific, and India. We operate a shared environment where users can store their passwords and keys in the vault and share them within teams.

    How has it helped my organization?

    Azure Key Vault provides secure storage for all of our keys in a single place, and we can quickly retrieve them when required.

    What is most valuable?

    The solution does an excellent job of storing and retrieving our stored keys.

    It has a favorable UI.

    Azure Key Vault has good integrations with other solutions we use, as we operate a Microsoft Azure environment.

    What needs improvement?

    I want to see faster key retrieval, as it sometimes takes a while. 

    Better integration with other third-party cloud providers, such as AWS and GCP, should be there. That's something I expect from a Microsoft-built product.  

    For how long have I used the solution?

    I've been using Azure Key Vault for approximately two years.

    What do I think about the stability of the solution?

    The tool is stable and relatively mature in the market, with many organizations using it worldwide.

    What do I think about the scalability of the solution?

    The scalability is good; we have over 100 keys and passwords stored in the vault, and it works perfectly.

    How are customer service and support?

    There is little need for technical support, as Azure Key Vault is a fully managed solution. No application runs in our environment; it's just a password repository. Overall though, the technical support is excellent.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We have always used Azure Key Vault, and we chose it because integration and compatibility are significant challenges for us. We require a product that's fully compatible and easily integrated with our existing applications, databases, and services.

    We also tried various third-party and open-source software, such as Skyflow and a HashiCorp product.

    How was the initial setup?

    The initial setup is straightforward as it is managed by Microsoft and can be enabled in a few clicks through Microsoft Azure. There is no installation or separate deployment required. Five to six staff carried out the initial setup and implementation. There is no maintenance required from our side.

    What about the implementation team?

    We dealt directly with Microsoft as we were already customers with them. 

    What was our ROI?

    We have seen a return on our investment, as security is a significant challenge for us. We want to keep our information as secure as possible to protect our data from third-party attacks and unauthorized users, and Azure Key Vault helps us do that.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is reasonable and flexible, especially for those already using Microsoft Azure Cloud services. There is a cost associated with retrieval and storage, which is a few dollars. Otherwise, the price can be customized according to requirements, such as how many keys need to be stored.

    Which other solutions did I evaluate?

    We evaluated AWS Certificate Manager, but Azure Key Vault was a better fit. 

    What other advice do I have?

    I rate the solution 10 out of 10. 

    I highly recommend the solution to those who already use Microsoft products and have an environment where applications run through Azure. Azure Key Vault would be a great place to securely store all of your confidential information.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Prateek Agarwal - PeerSpot reviewer
    Technical Program Manager at a university with 201-500 employees
    Real User
    Top 5Leaderboard
    Allows us to securely store our keys to prevent unauthorized access to unwanted users
    Pros and Cons
    • "It stores sensitive information in an encrypted way. We don't have to worry about data loss or data theft because no one can see our information."
    • "Sometimes it takes too long to retrieve the keys. The authentication process takes time."

    What is our primary use case?

    We use Azure Key Vault to store our keys, which we use for application access and security validations. It stores keys in a secure way, just like a password.

    We always use the latest version. The solution is deployed on the cloud.

    It is deployed on the organization level, so about 75 to 100 people are currently using the solution.

    How has it helped my organization?

    The solution has improved our organization. It allows us to securely store our keys to prevent unauthorized access to unwanted users.

    We have applications that are stored in a large volume of data. If an unwanted user wants to access the application, it prompts for the key.

    The solution has positively affected our end-user experience because our applications are being accessed through APIs from different geographies, different locations, and different users. Azure is good at authenticating only the real users. It provides a good user experience because the authentication is done within seconds.

    Data is our top priority. All of the keys are secured in an encrypted way, so it provides a return on investment to our organization.

    What is most valuable?

    The solution is very easy to use. It provides us with security.

    It stores sensitive information in an encrypted way. We don't have to worry about data loss or data theft because no one can see our information.

    What needs improvement?

    Sometimes it takes too long to retrieve the keys. The authentication process takes time. It's also not fully compatible with Azure Databricks.

    For how long have I used the solution?

    I have used this solution for two years.

    What do I think about the stability of the solution?

    It's stable because it's a mature solution. It works as expected.

    What do I think about the scalability of the solution?

    Scalability is not a prerequisite because it provides storage of our security case. It's highly scalable, secure, and reliable.

    How are customer service and support?

    We don't require technical support regularly, but we contact them when we're unable to retrieve information. They're very good at providing support. 

    I would rate technical support as nine out of ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The setup isn't very complex. It's a managed service with Microsoft Azure, so everything is done with a click. We just had to configure the solution according to our requirements.  

    For implementation, we used a team of five people because it doesn't require complex integration. Those people were mainly on the DevOps and security teams.

    We don't need to do anything for maintenance.

    What about the implementation team?

    We implemented the solution with an in-house team.

    What's my experience with pricing, setup cost, and licensing?

    The price isn't high. Any sized organization could easily adopt it. The first 250 keys are available for $5 per month. For more keys, it costs $2.50 per month, and then 90 cents per month.

    Which other solutions did I evaluate?

    We also evaluated Skyflow and HashiCorp. We wanted a compatible system because we're already using Azure.

    What other advice do I have?

    I would rate this solution a nine out of ten. 

    Sometimes there is latency in retrieving the certificates on the keys from the Azure Key Vault.

    If the customer or the client is already using Azure, then using Azure Key Vault should be the first priority. Otherwise, third-party tools are always available.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Associate Vice President - Cloud Security at a financial services firm with 10,001+ employees
    Real User
    Easy to use GUI, good support, and it's reasonably priced
    Pros and Cons
    • "The GUI was quite easy for me to use."
    • "The integration with Thales HSM is complex and is not out-of-the-box. Uploading the keys was quite a tedious process."

    What is our primary use case?

    We are a financial institution and we are using this product to manage our keys. We are currently trying to roll out a "Bring Your Own Key" solution for Azure and Office 365.

    What is most valuable?

    The GUI was quite easy for me to use.

    Integration with Fortanix is good.

    What needs improvement?

    The integration with Thales HSM is complex and is not out-of-the-box. Uploading the keys was quite a tedious process.

    For how long have I used the solution?

    We are just beginners with the Microsoft Azure Key Vault and only started using it within the past six months.

    What do I think about the scalability of the solution?

    We have approximately 150,000 employees across the organization.

    How are customer service and technical support?

    Technical support from Microsoft is excellent. The reason we still buy Microsoft products is because of their support. The documentation is good and they also provide free, professional support.

    The premium support is available at an additional cost, but professional support is free with the license.

    Which solution did I use previously and why did I switch?

    Prior to Azure Key Vault, we were using the Bring Your Own Key solution, Thales Hardware Security Module (HSM). It worked seamlessly to generate our own key and upload it to the key vault. However, with Azure and Office 365, Microsoft manages the keys. I started using Azure Key Vault because it is an out-of-the-box feature with Azure, and it replaced our Thales HSM.

    The installation of Thales HSM is a little bit complex. When we installed it, we needed to have two VDAs. There is an online VDA and an offline VDA, and we have to retrieve information from the offline one and pass it to the online one. These are complex tasks in our environment. Because it is a highly regulated industry, even moving a key is not easy for us. We have to go through all of the processes.

    Because of the complications that we have had, we were looking at replacing Thales HSM with Fortanix. It integrates with Azure Key Vault and the key upload process is quite easy.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is quite reasonable and support is included, although premium support is available for an additional fee.

    Which other solutions did I evaluate?

    I am currently researching and evaluating HashiCorp Vault. We have not yet run a PoC but I am learning the differences between these two solutions. In addition to Azure, we have AWS and multiple cloud platforms, and we have heard that HashiCorp Vault is the best solution for cases like this.

    HashiCorp Vault is open-source and has a command-line interface. 

    One of the things that I would like to know is whether HashiCorp can be used for Azure workloads. For example, can it be used in a situation where a user brings their own key for Office 365, or does that only work with Azure Key Vault? 

    What other advice do I have?

    Overall, this is a good product and the support is fantastic.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Kevin McAllister - PeerSpot reviewer
    Executive Manager at Hexagon AB
    Real User
    Top 5Leaderboard
    Highly scalable solution for managing keys and secrets
    Pros and Cons
    • "I find the simplicity of key management to be the most valuable feature. Key management has always been a difficult function to do, especially in the cloud premises. Azure Key Vault provides you with a mechanism for managing keys, without having to worry about protecting secrets is valuable."
    • "We encountered a few problems where Azure had infrastructure problems like the DMS."

    What is our primary use case?

    We use Azure Key Vault to store all of our applications’ keys and secrets in the Azure platform. The secrets and keys are for our public facing SaaS software which mainly includes websites and APIs.

    How has it helped my organization?

    The solution has reduced the amount of time that we had spent worrying about the management of the keys and secrets.

    What is most valuable?

    I find the simplicity of key management to be the most valuable feature. Key management has always been a difficult function to do, especially in the cloud premises. Azure Key Vault provides you with a mechanism for managing keys, without having to worry about protecting secrets is valuable.

    For how long have I used the solution?

    I have been using this solution for about five years.

    What do I think about the stability of the solution?

    I would rate the stability of the solution as eight out of ten. We encountered a few problems where Azure had infrastructure problems like the DMS. It was not necessarily a problem with the Key Vault but a problem with the infrastructure that did not allow us to access it.

    What do I think about the scalability of the solution?

    I would give a rating of ten out of ten for the scalability of the solution. I have not found any scalability issues with Azure Key Vault.

    How are customer service and support?

    I have found the customer service and support of Microsoft to be very good and very high.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We haven’t used any different solution before Azure Key Vault. We have used it since initially implementing it in the cloud.

    How was the initial setup?

    The initial deployment was straightforward. I was involved in the deployment of the solution in a project management role.

    What about the implementation team?

    We implemented the solution with the help of an in-house team. There was only one team member doing the deployment.

    What was our ROI?

    We have seen ROI with the solution. We observed reduced internal development effort with the use of the tool. The solution was certainly worth the cost.

    What's my experience with pricing, setup cost, and licensing?

    I find the pricing of Azure Key Vault to be reasonable.

    Which other solutions did I evaluate?

    We did not evaluate any other options because we were fully on the Microsoft platform, so we went ahead with their recommendation.

    What other advice do I have?

    I would rate Azure Key Vault a nine out of ten. I recommend it as a good solution for those using Azure Cloud to host their services. The solution does not require any maintenance.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    Flag as inappropriate
    PeerSpot user
    Erick Oliveira Da Silva - PeerSpot reviewer
    Senior Data Engineer at a tech company with 201-500 employees
    Real User
    Top 5Leaderboard
    Easy to deploy, and scale, and is user-friendly
    Pros and Cons
    • "The most valuable feature of the solution is the search for secrets feature that we use to store our passwords and connection strings."
    • "The voucher access policy can be improved by configuring it based on groups, rather than just applications or users."

    What is our primary use case?

    We use the Azure Key Vault to encrypt and to get our secrets such as passwords and connection strings.

    How has it helped my organization?

    The use of Azure Key Vault is vital to the security of our organization. Here we store our credentials, secrets, tokens, connection strings, and any other information needed to access external services and cloud providers. This service is essential to ensure a high level of security for our company.

    What is most valuable?

    The most valuable feature of the solution is the search for secrets feature that we use to store our passwords and connection strings. I also like objects such as keys and certificates.

    Azure Key Vault is simpler to use compared to other certificate or password managers such as HashiCorp Vault and ManageEngine Password Manager Pro.

    What needs improvement?

    We can currently configure RBAC, Azure role-based access control, or a voucher access policy. The voucher access policy can be improved by configuring it based on groups, rather than just applications or users.

    For how long have I used the solution?

    I have been using the solution for three years.

    What do I think about the stability of the solution?

    The solution is extremely stable. We have not had any issues or downtime with Azure Key Vault.

    What do I think about the scalability of the solution?

    The solution is scalable and always responds to our demands.

    We currently have around 500 people in our organization using the solution.

    How are customer service and support?

    The technical support team is good and they provided satisfactory results.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is straightforward. The deployment takes two to three minutes.

    What about the implementation team?

    The implementation was completed in-house.

    What was our ROI?

    We have seen a return on investment for our organization with Azure Key Vault because of its low price and security. 

    What's my experience with pricing, setup cost, and licensing?

    Compared to other solutions, Azure Key Vault is much cheaper. 

    I give the price of the solution a ten out of ten.

    What other advice do I have?

    I give the solution a ten out of ten.

    The solution is self-maintaining. We have implemented EIS, and infra as a code, and incorporated a CI/CD process to automate the maintenance in our environment.

    I always recommend going to Microsoft Learn for its rich knowledge base. Azure Key Vault is an excellent solution for improving organizational security, and it offers great value for money.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Azure Key Vault Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2023
    Buyer's Guide
    Download our free Azure Key Vault Report and get advice and tips from experienced pros sharing their opinions.