Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure products are available in many Azure geographies, with each Azure geography containing one or more regions. For example, the China geography contains two regions--China North 2 and China North 3--while the sole region in the Brazil geography is Brazil South.
Azure Key Vault is a multitenant service that uses a pool of Hardware Security Modules (HSMs). All HSMs in a geography share the same cryptographic boundary, referred to as a "security world". Every geography corresponds to a single security world, and vice versa.
East US and West US share the same security world because they belong to the geography (United States). Similarly, all Azure regions in China share the same security world, as do all Azure regions in Australia, and so forth.
Backup and restore behavior
A backup taken of a key from a key vault in one Azure region can be restored to a key vault in another Azure region, as long as both of these conditions are true:
- Both of the Azure regions belong to the same geography.
- Both of the key vaults belong to the same Azure subscription.
For example, a backup taken of a key in a key vault can be restored to another key vault in the same subscription in the China geography (the China North 2 and China North 3 regions).