Key Vault

Safeguard and maintain control of keys and other secrets


Azure Key Vault enables Azure subscribers to safeguard and control the cryptographic keys and other secrets that are used by cloud applications and services.

  • Protect secrets such as keys and passwords.
  • Set up and deploy new vaults and keys in minutes without waiting for purchases, hardware or IT, and centrally manage keys, secrets, and policies.
  • Maintain control of encrypted data - Authorize yourself and third parties and revoke the use of keys as needed.
  • Separation of key management responsibilities allows developers to easily manage keys for development/testing and production keys transferred seamlessly to security operations departments for management.
  • Rapid expansion can meet the encryption requirements of your cloud applications and satisfy high requirements.
  • Global redundancy can be achieved by provisioning vaults in Azure Global Data Center.

Pricing Details

*The following prices are tax-inclusive.

*Monthly pricing estimates are based on 744 hours of usage per month.
Keys for secrets and software protection ¥0.20/10,000 operations
Certificate operations 1 Renewals - ¥19.716/renewal request
All other operations - ¥0.20/10,000 operations

1 Key Vault does not issue certificates or resell certificates from CAs. Key Vault provides the ability to simplify and automate certain tasks on certificates that you purchase from Public CAs, such as enroll and renew.


Expand all
  • What can I store in the key vault?

    You can also store the following types of keys and secrets:

    • Keys can be imported or generated. When you ask the Key Vault service to decrypt or sign with a key, the operation is performed in the key vault.
    • You can also use keys for encryption. In this case, cryptographic operations are performed in software. These computations are performed in the Azure compute roles.
    • Secrets are data (under 25 KB) such as passwords or PFX files that your application can store and retrieve in plaintext. The Key Vault service persists secrets encrypted, and provides an access control layer over them.
  • How is an operation defined?

    Every successfully authenticated REST API call counts as one operation. Examples of key operations: create, import, get, list, backup, restore, delete, update, sign, verify, wrap, unwrap, encrypt and decrypt. Examples of operations for secrets: create/update, get, and list.

  • How are my various operations charged?

    Operations of all keys and secrets are charged at a flat rate of ¥0.20/10,000 operations, including operations on keys for secrets and software protection. For example, during a billing cycle, you performed 2,000 operations by using keys and 500 operations using secrets. Then 2,500 chargeable operations will be generated in this billing cycle.

  • Is there a setup fee for the Azure Key Vault?

    No, there is no any setup fee for the Azure Key Vault.

  • Can I use the Key Vault with third-party applications?

    Of course, you can grant use rights of keys stored in the Key Vault to any application hosted anywhere (Microsoft Azure, third-party cloud, local).

Support & SLA

If you have any questions or need help, please visitAzure Support and select self-help service or any other method to contact us for support.

We guarantee that in at least 99.9% of cases, key vault transactions can be processed within 5 seconds. To learn more about the details of our Service Level Agreement, please visit theService Level Agreements page.