Azure Key Vault

Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement

FluffyStack tools

Add to Service Builder Add to Compare Compare with equivalents Explore Azure in Treemap Explore security in Honeycomb See Azure regions on the World Map See security as a network Score jurisdiction exposure

Documentation Pricing Azure website

Jurisdictional exposure

Provider HQ

USRedmond, USA

Subject to CLOUD Act, FISA-702, DPF

Region locations

APACCNEEAEUUKUSOther73 regions across 7 jurisdictions

Sovereign option

Yes — 13 sovereign-flagged regions available

Full scorecard for this service →US lens detail →Sovereign cloud coverage map →

Attributes

SLA Uptime: 99.99%
Hsm Backed: Yes
Fips Compliant: Yes

Sub-services (4)

Secrets

Securely store and manage application secrets

Keys

Create and control encryption keys

Certificates

Manage SSL/TLS certificates lifecycle

Managed HSM

FIPS 140-2 Level 3 validated hardware security

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPR SOC 2 ISO 27001 HIPAA PCI DSS FedRAMP G-Cloud

Where this runs

73 regions

36 countries

13sovereign

Sovereign regions (13)

Australia Central · CanberraAzure Australia Government
Australia Central 2 · CanberraAzure Australia Government
US Gov Virginia · VirginiaAzure Government (US)
US Gov Arizona · ArizonaAzure Government (US)
US Gov Texas · TexasAzure Government (US)
US DoD East · VirginiaAzure Government Secret (US)
US DoD Central · IowaAzure Government Secret (US)
China North (Beijing) · BeijingMicrosoft Azure China (21Vianet)
China East (Shanghai) · ShanghaiMicrosoft Azure China (21Vianet)
China North 2 · BeijingMicrosoft Azure China (21Vianet)
China East 2 · ShanghaiMicrosoft Azure China (21Vianet)
China North 3 · HebeiMicrosoft Azure China (21Vianet)
China East 3 · ShanghaiMicrosoft Azure China (21Vianet)

Commercial regions (60)

Europe (21)

Austria East
Belgium Central
Denmark East
Finland Central
France South
France Central
Germany North
Germany West Central
Greece Central
North Europe
Italy North
West Europe
Norway East
Norway West
Poland Central
Spain Central
Sweden Central
Switzerland West
Switzerland North
UK West
UK South

North America (13)

Canada East
Canada Central
Mexico Central
West US
East US 3
North Central US
Central US
West US 3
South Central US
East US
East US 2
West US 2
West Central US

South America (3)

Brazil Southeast
Brazil South
Chile Central

Asia (13)

East Asia
South India
Jio India West
West India
Jio India Central
Central India
Indonesia Central
Japan West
Japan East
Malaysia West
Southeast Asia
Korea South
Korea Central

Oceania (3)

Australia East
Australia Southeast
New Zealand North

Middle East (5)

Israel Central
Qatar Central
Saudi Arabia Central
UAE Central
UAE North

Africa (2)

South Africa West
South Africa North

Equivalent services on other platforms

AWS KMSAWS

Create and manage cryptographic keys for encryption at rest and in transit with AWS-managed, customer-managed, and imported keys, automatic rotation, and FIPS 140-2 validated HSMs

AWS Secrets ManagerAWS

Fully managed service to store, rotate, and audit secrets such as database credentials, API keys, and OAuth tokens with native rotation Lambda integrations for RDS, Redshift, and DocumentDB

AWS Certificate ManagerAWS

Provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and internal connected resources, with free public certificates and fully managed private CA via ACM Private CA

Certificate ManagerGCP

Centralised TLS certificate provisioning and lifecycle management across Google-managed and self-managed certs, with wildcard and SAN support, automatic renewal, and deployment to External Application Load Balancers, Cross-Cloud Network Load Balancers, and Cloud Run

Cloud KMSGCP

Cloud-hosted key management for encryption at rest with symmetric and asymmetric keys, customer-supplied keys, HSM-backed keys, and automatic rotation

Secret ManagerGCP

Fully managed secret storage with automatic replication across regions, VPC Service Controls integration, CMEK encryption, version history, per-secret IAM, and rotation via Cloud Scheduler plus Cloud Run hooks — used by GKE, Cloud Run, and Compute Engine workloads

Certificate Authority ServiceGCP

Hosted private PKI for issuing and managing X.509 certificates inside an organisation — root and subordinate CAs, automated lifecycle (rotation, revocation), and Cloud KMS-backed signing keys, replacing self-managed OpenSSL or Active Directory CS deployments

Huawei Data Encryption Workshop (DEW)Huawei

Unified cryptographic services including Key Management Service for envelope encryption, Cloud Secret Management Service for secret storage and rotation, Key Pair Service for SSH key management, and Dedicated HSM for FIPS 140-2 Level 3 workloads

OpenStack BarbicanOpenStack

Key management service for symmetric and asymmetric keys, certificates, and other secret material — pluggable backends include software KMS, HSM via PKCS#11, Vault, and KMIP-compliant appliances. Equivalent to AWS KMS / Azure Key Vault / Cloud KMS in the cross-provider mapping

OCI VaultOracle

Centralised key and secret management service with HSM-backed symmetric and asymmetric keys, automatic rotation, and envelope encryption for OCI resources

OCI CertificatesOracle

Managed public and private TLS certificate service with private CA hierarchies, automatic rotation, wildcard and SAN support, and native integration with Load Balancer, API Gateway, and the OCI Web Application Firewall

Tencent Key Management ServiceTencent

Managed cryptographic key service with customer master keys (CMKs), envelope encryption for Tencent services, automatic and manual rotation, imported key material (BYOK), Managed HSM for single-tenant FIPS 140-2 Level 3 compliance, and audit logging via CloudAudit

Pricing

Pricing model:pay-as-you-go