Azure BYOK

this integration guide covers the integration between the {{k3}} and azure key vault byok about azure key vault azure key vault enables you to manage keys, secrets, and certificates without needing to store security information in the code you can centralize application secrets and securely store secrets and keys backed by hardware security modules (hsms) key vault logs access and usage of your secrets so you have a complete audit trail for compliance for more general information about azure key vault, refer to the following article on the microsoft website https //docs microsoft com/en us/azure/key vault/general/overview what is byok? the key vault byok (bring your own key) feature enables importing existing asymmetric keys into a key vault with this integration, you can create asymmetric hsm protected keys on a {{k3}} device and push those keys to an azure key vault by using the {{k}} application interface you can use keys pushed to a key vault with the following services inside azure azure disk encryption the always encrypted and transparent data encryption functionality in sql server and azure sql database azure app service azure key vault also has an api that you can use with your applications to access and use keys stored in azure key vault with this integration, you create and store keys on the {{k3}} , synchronize them to an azure key vault, and manage them through the {{k}} application interface key benefits of the integration the azure key vault byok and {{k3}} integration provides the following benefits key provenance you are the sole owner of your keys, so you can control their location and distribution added assurance keys that you create on the {{k}} and import into azure never leave the hsm boundary even after they are in azure, the keys are stored on hardware security modules on the backend centralized key management you can manage your keys and access policies from a single location and user interface, whether the data they protect resides in the cloud or on your premises audit compliance many audits require you to escrow keys outside of the cloud provider this integration accomplishes this requirement integration overview to integrate {{k3}} with azure key vault byok, you must perform the following tasks configure azure credentials for communication with the {{k3}} configure the {{k3}} for integrating with azure azure key vault integration and key operations the following sections describe how to perform these tasks and how to monitor their progress and audit logs