A fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications using FIPS 140-2 Level 3 validated HSMs. The service has the following features:
Fully Managed
HSM provisioning, configuration, patching and maintenance are handled by the service.
Highly Available
Each HSM cluster consists of multiple HSM partitions. If the hardware fails, member partitions for your HSM cluster will be automatically migrated to healthy nodes.
Single-tenant
Each managed HSM instance is dedicated to a single customer and consists of a cluster of multiple HSM partitions. Each HSM cluster uses a separate customer-specific security domain that cryptographically isolates each customer’s HSM cluster.
Azure Key Vault enables you to safeguard and control the cryptographic keys and secrets used by cloud apps and services, with the following two options:
- Vaults, to store and manage cryptographic keys, secrets, certificates and storage account keys.
- Managed HSM pools, another option for storing and managing HSM-generated cryptographic keys.
Standard and Premium Tiers
| Parameters/Operations | Standard Tier | Premium Tier |
| --- | --- | --- |
| Secrets Operations | $0.03/10K transactions | $0.03/10K transactions |
| Certificate Operations | Renewals: $3 per renewal request. All other operations: $0.03/10K transactions. | Renewals: $3 per renewal request. All other operations: $0.03/10K transactions. |
| Managed Azure Storage Account Key Rotation | Free during preview. General availability price: $1 per renewal. | Free during preview. General availability price: $1 per renewal. |
| Automated Key Rotation | $1 per scheduled rotation | $1 per scheduled rotation |