What are Azure Key Vault's soft-delete and purge protection features?
Please explain how Azure Key Vault's soft-delete and purge protection features work. How can I recover vaults that have been soft-deleted? Why do I need to enable soft-delete in order to use purge protection? Note: As we migrate from MSDN, this…
Should a Key Vault Owner be able to create/read/update Secrets after changing to RBAC?
I have 'Owner' access on a Key Vault. If I change 'Access Policy' to RBAC, I can no longer see existing secrets. I would have assumed 'OWNER' could do anything and not have to be in any additional RBAC roles. I can access secrets if I grant…
Current Azure Key Vault FIPS 140-2 Level 2 proof
There was a similar (exact) question answered back in October of 2021, I'm not sure if things have changed since then so I figured I would ask just in case. We are looking to use Key Vault for housing keys and the audit company needs the make, model and…
Unable to upload files to azure blob storage account when using CMK keys
Hello, I'm trying to upload files to an Azure storage container with CMK keys, using Azure Key Vault to store the keys, and am facing the below error: ERROR: Unable to acquire an access token for Key Vault from Azure Active Directory using the identity of this…
How to connect Azure Dev Ops to Key Vault, where Key Vault has public access disabled
I am trying to download key vault secrets through a YAML pipeline on Azure Dev Ops. I have the following set up: Key Vault is set up to have all public access disabled. The Service principal for the Service Connection in my DevOps Project settings has…
Can I connect directly to CosmosDB from ADF using the key vault?
I am trying to set up an azure key vault key to connect from Azure Data Factory directly to CosmosDB. I am following this link but it seems to be for a web app service. https://learn.microsoft.com/en-us/azure/cosmos-db/store-credentials-key-vault This…
Where to store secret token retrieved during runtime?
Hi Team, I'm trying to visualize the best way to implement a very common enterprise use case. I'm using ADF, Key Vault, and Azure SQL database as inventories. The requirement is to fetch some data from an exposed API. Before calling the API I need to generate…
The key vault must have GET permissions on secret + Error While Configuring Application Gateway Listener
Hi, I'm trying to add a Basic type listener to an Application Gateway instance. While doing so, I wish to choose an SSL Certificate stored in a Key Vault that has access policy configured to allow Get and List permissions to the user-assigned managed…
How to Reuse Key on Renewal for imported certificates in AKV
Hi, I met a problem when I tried to configure Reuse Key on Renewal for my cert in AKV: I have 2 certs, A and B. I download the PEM file from A, and import the PEM file to B for B's new version. I found that every time after I import to create a new version in B,…
How do we prove to Security Auditors that Microsoft is using "FIPS 140-2 Level 2 validated HSMs" for Azure Key Vault (Premium)
Hello Support, Could you please clarify the following: How do we prove to Security Auditors that Microsoft is actually using "FIPS 140-2 Level 2 validated HSMs" for storing keys in Azure Key Vault (PREMIUM) service? How do we prove that…
Unable to Retrieve Azure Namespace Listings via Script, While Successful via Azure CLI
Hi everyone, I'm currently working on a JavaScript script aimed at listing down namespaces in using Azure libraries. However, despite following the correct steps, I'm encountering an issue where the script returns an empty list. Interestingly, when I…
How to access Key Vault secrets from a Synapse Spark Notebook?
I am trying to access Key Vault secrets from a Synapse Spark Notebook securely. I followed this documentation to set up a linked service with access to the Key Vault on Synapse:…
Crashing when accessing Key Vault from C++ application
I am following this guide to connect to my Key Vault from my C++ app: https://azuresdkdocs.blob.core.windows.net/$web/cpp/azure-security-keyvault-keys/4.1.0/index.html I am writing in C++ for Unreal. I am getting a consistent crash when trying to do…
Problem to generate blob storage SAS-token in WebApp
Hi, first I want to let you know that I'm a beginner with Azure. I have a problem generating a SAS-token (view-access token) for my blob storage container in my webapp server code. I get a 403 (unauthorized) error when trying to generate the token. I…
Parse Azure Key Vault secret (Application/JSON format)
Hello, our client utilizes Hashicorp Vault to manage all secrets across their applications. While we support them on Azure, they've configured secrets for Oracle, AWS S3, and Synapse within Hashicorp. Azure offers connectivity with Hashicorp by…
Suitable backup location for the Certificate and DEK backup for a database with Transparent Data Encryption Enabled on SQL Server
I have SQL instances that will have TDE enabled soon and I need a backup option for the Certificate and DEK after the database has been encrypted, I don't want to have the files on the same location where the databases are hosted so I thought key vault…
Enabling Diagnostics setting in Azure Key vault
While enabling the Diagnostic setting in my Key Vault, I have two options to store the logs: workspace and storage account. A few questions: If I choose a storage account to store the logs, will I be able to run KQL queries on the key vault? Will the stored logs be…
Microsoft recommendation error
Got the recommendation by defender "Diagnostic logs in Key Vault should be enabled". So I enabled diagnostic settings on the key vault and attached a storage account to it. Later when I went to check the recommendation status in the defender,…
How can I configure the key vault with JenkinsFile?
I had configured my Azure key vault with my users and keys. Plugin Keyvault installed in Jenkins File code. When I execute the code, how can I get the pass that is returned by the Jenkins File? Thanks. Thiago
How to fix error "A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name"
Hello everyone, I am trying to create an ARM template to deploy secrets to key vault without manually adding them from the portal. Attached are my parameters.json and main.json files. When deploying, I am getting the below error. Additionally, did anyone…