Azure Key Vault 服务限制Azure Key Vault service limits

以下是 Azure 密钥保管库的服务限制。Here are the service limits for Azure Key Vault.

密钥事务数(每个区域的每个保管库在 10 秒内允许的事务数上限1):Key transactions (maximum transactions allowed in 10 seconds, per vault per region1):

密钥类型Key type 软件密钥Software key
CREATE 密钥CREATE key
Software-keySoftware-key
所有其他事务All other transactions
RSA 2,048 位RSA 2,048-bit 10 个10 2,0002,000
RSA 3,072 位RSA 3,072-bit 10 个10 500500
RSA 4,096 位RSA 4,096-bit 10 个10 250250
ECC P-256ECC P-256 10 个10 2,0002,000
ECC P-384ECC P-384 10 个10 2,0002,000
ECC P-521ECC P-521 10 个10 2,0002,000
ECC SECP256K1ECC SECP256K1 10 个10 2,0002,000

备注

在上表中,我们看到,对于 RSA 2,048 位软件密钥,每 10 秒允许 2,000 个 GET 事务。In the previous table, we see that for RSA 2,048-bit software keys, 2,000 GET transactions per 10 seconds are allowed.

限制阈值是加权的,并且是针对其总和施加的。The throttling thresholds are weighted, and enforcement is on their sum. 例如,如上表所示,对 RSA 软件密钥执行 GET 操作时,使用 4,096 位密钥的开销是使用 2,048 位密钥的开销的 8 倍。For example, as shown in the previous table, when you perform GET operations on RSA Software-keys, it's eight times more expensive to use 4,096-bit keys compared to 2,048-bit keys. 这是因为 2,000/250 = 8。That's because 2,000/250 = 8.

在给定的 10 秒间隔内,Azure Key Vault 客户端在遇到 429 限制 HTTP 状态代码之前,只能执行以下操作之一In a given 10-second interval, an Azure Key Vault client can do only one of the following operations before it encounters a 429 throttling HTTP status code:

  • 2,000 个 RSA 2,048 位软件密钥 GET 事务2,000 RSA 2,048-bit software-key GET transactions
  • 250 个 RSA 4,096 位软件密钥 GET 事务250 RSA 4,096-bit Software-key GET transactions
  • 249 个 RSA 4,096 位软件密钥 GET 事务和 8 个 RSA 2,048 位软件密钥 GET 事务249 RSA 4,096-bit Software-key GET transactions and 8 RSA 2,048-bit Software-key GET transactions

机密、托管存储帐户密钥,以及保管库事务:Secrets, managed storage account keys, and vault transactions:

事务类型Transactions type 每个区域的每个保管库在 10 秒内允许的事务数上限1Maximum transactions allowed in 10 seconds, per vault per region1
所有事务All transactions 2,0002,000

有关超出这些限制时如何处理限制的信息,请参阅 Azure Key Vault 限制指南For information on how to handle throttling when these limits are exceeded, see Azure Key Vault throttling guidance.

1 所有事务类型的订阅范围限制是每个密钥保管库限制的 5 倍。1 A subscription-wide limit for all transaction types is five times per key vault limit. 例如,每个订阅的“软件 - 其他”事务限制为每个订阅 10 秒内 10,000 个事务。For example, Software-other transactions per subscription are limited to 10,000 transactions in 10 seconds per subscription.