FAQ

• What can I store in the key vault?

  You can also store the following types of keys and secrets:

  • Keys can be imported or generated. When you ask the Key Vault service to decrypt or sign with a key, the operation is performed in the key vault.
  • You can also use keys for encryption. In this case, cryptographic operations are performed in software. These computations are performed in the Azure compute roles.
  • Secrets are data (under 25 KB) such as passwords or PFX files that your application can store and retrieve in plaintext. The Key Vault service persists secrets encrypted, and provides an access control layer over them.
• How is an operation defined?

  Every successfully authenticated REST API call counts as one operation. Examples of key operations: create, import, get, list, backup, restore, delete, update, sign, verify, wrap, unwrap, encrypt and decrypt. Examples of operations for secrets: create/update, get, and list.

• How are my various operations charged?

  Operations of all keys and secrets are charged at a flat rate of ￥0.20/10,000 operations, including operations on keys for secrets and software protection. For example, during a billing cycle, you performed 2,000 operations by using keys and 500 operations using secrets. Then 2,500 chargeable operations will be generated in this billing cycle.

• Is there a setup fee for the Azure Key Vault?

  No, there is no any setup fee for the Azure Key Vault.

• Can I use the Key Vault with third-party applications?

  Of course, you can grant use rights of keys stored in the Key Vault to any application hosted anywhere (Microsoft Azure, third-party cloud, local).

• If my application uses a key created by another Azure subscriber, will I be charged for using that key?

  No, only the key owner will be charged.