Azure Key Vault

  • A service that allows you to store tokens, passwords, certificates, and other secrets.
  • You can also create and manage the keys used to encrypt your data.


  • Soft delete allows a deleted key vault and its objects to be retrieved during the retention time you designate.
  • The retention period of a deleted vault is between 7 to 90 days.
  • With soft-delete and purge protection enabled, it will not purge a vault or object in the deleted state until the retention period has expired.
  • You may connect to a key vault via
    • A public endpoint in all networks
    • A public endpoint in selected networks
    • A private endpoint
  • IT Certification Category (English)728x90
  • Share access to your applications and resources without revealing your credentials.


  • A tenant is a representation of an organization.
    • Azure Active Directory allows you to publish multi-tenant applications.
    • Azure Active Directory (B2C) tenant represents a collection of identities.
  • A vault owner enables you to create a key vault and set up an auditing log of who has access to secrets and keys.
  • A vault consumer can only perform actions on the assets inside the key vault if the vault owner grants the consumer access.
  • A manageable item in Azure is called resource, and resource groups are containers that hold related resources.
  • Service principal gives you control over which resources can be accessed. At the same time, a managed identity eliminates the need for you to create and manage service principals directly since it provides Azure services with an automatically managed identity in Azure AD.
  • You can identify an Azure AD instance within your Azure subscription using a tenant ID.
  • An access policy grants the service principal (user group or application) permissions to perform various operations on Azure Key Vault keys, secrets, and certificates.
    • You can also configure the access policy from a template.
    • With access policy, you can enable access to:
      • Azure Virtual Machines for deployment – this will permit the VMs to retrieve certificates stored as secrets from the key vault.
      • Azure Resource Manager for template deployment – if this option is enabled, the ARM is permitted to retrieve secrets from the key vault.
      • Azure Disk Encryption for volume encryption – grants permission to retrieve secrets from the key vault and unwrap keys.
    • You can select a permission model between vault access policy or Azure RBAC.


  • You are charged if the key has been used at least once in the last 30 days (based on the key’s creation date).
  • You are charged for each historical version of a key.

Want to learn more about Azure? Watch the official Microsoft Azure YouTube channel’s video series called Azure Tips and Tricks.


Pass your AWS and Azure Certifications with the Tutorials Dojo Portal

Tutorials Dojo portal

Our Bestselling AWS Certified Solutions Architect Associate Practice Exams

AWS Certified Solutions Architect Associate Practice Exams

Enroll Now – Our AWS Practice Exams with 95% Passing Rate

AWS Practice Exams Tutorials Dojo

Enroll Now – Our Azure Certification Exam Reviewers

azure reviewers tutorials dojo

Tutorials Dojo Study Guide and Cheat Sheets eBooks

Tutorials Dojo Study Guide and Cheat Sheets-2

FREE Intro to Cloud Computing for Beginners

FREE AWS Practice Test Samplers

Browse Other Courses

Generic Category (English)300x250

Recent Posts