This article documents the security controls built into Azure Key Vault.
A security control is a quality or feature of an Azure service that contributes to the service's ability to prevent, detect, and respond to security vulnerabilities.
For each control, we use "Yes" or "No" to indicate whether it is currently in place for the service, and "N/A" for a control that is not applicable to the service. We might also provide a note or links to more information about an attribute.

Security control | Yes/No | Notes |
---|---|---|
Service endpoint support | Yes | Using Virtual Network (VNet) service endpoints. |
VNet injection support | No | |
Network isolation and firewalling support | Yes | Using VNet firewall rules. |
Forced tunneling support | No | |

Security control | Yes/No | Notes |
---|---|---|
Azure monitoring support (Log analytics, App insights, etc.) | Yes | Using Log Analytics. |
Control/Management plane Logging and Audit | Yes | Using Log Analytics. |
Data plane logging and audit | Yes | Using Log Analytics. |

Security control | Yes/No | Notes |
---|---|---|
Authentication | Yes | Authentication is through Microsoft Entra ID. |
Authorization | Yes | Using Key Vault Access Policy. |

Security control | Yes/No | Notes |
---|---|---|
Server-side encryption at rest: Microsoft-managed keys | Yes | All objects are encrypted. |
Column level encryption (Azure Data Services) | N/A | |
Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption) | Yes | All communication is via encrypted API calls. |
API calls encrypted | Yes | Using HTTPS. |

Security control | Yes/No | Notes |
---|---|---|
Control/Management plane access controls | Yes | Azure Resource Manager Role-Based Access Control (RBAC). |
Data plane access controls (At every service level) | Yes | Key Vault Access Policy. |