Azure KMS

To set up Akeyless KMS Integration with Azure KMS, follow these steps:

  1. Create a new Key Vault in Azure.

  2. Create a new Azure Target in the Akeyless Vault. You can do it either from the Akeyless CLI or in the Akeyless Console.

Note: Remember to give the Azure Target the Key Vault Administrator permissions to manage the Azure Key Vault.

  3. Create a classic key in the Akeyless Vault. You can do it either from the Akeyless CLI or in the Gateway Configuration Manager.

You can also upload the keys that currently exist outside of the Akeyless Vault.

Tip: Any classic key will be protected using the Akeyless DFC key (you can select a DFC key with Zero-Knowledge Encryption).

The following key types are supported: RSA1024, RSA2048, RSA3072, RSA4096, EC256, EC384.

  4. Make sure to associate the key with the Azure Target. When you attach a key, a copy of the key material is securely transferred to the Azure Key Vault in accordance with the Azure key import specification.

For Azure targets, you'll need the following parameters for the assoc-target-item command:

  • vault-name: The name of the Key Vault you created in the first step.
  • key-operations: An array with allowed operations for the key.

For RSA keys, allowed key operations are: decrypt, encrypt, sign, unwrap, verify, wrap.

For ECC keys, allowed key operations are: sign, verify.
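A pre-flight check for the key-operations value, written here as an added example and not taken from the Akeyless documentation or CLI: it rejects unsupported key types and operations that the lists above do not allow for the key's family, so a mismatch is caught before key material is copied to Azure. The function names `key_family` and `check_key_ops` are hypothetical.

```shell
#!/bin/sh
# Added example: validate requested key operations against the key type.
# Function names are hypothetical; the allowed sets are the ones listed on this page.

# Map a supported key type to its family; fail for anything else.
key_family() {
    case "$1" in
        RSA1024|RSA2048|RSA3072|RSA4096) echo rsa ;;
        EC256|EC384) echo ecc ;;
        *) return 1 ;;
    esac
}

# Print a de-duplicated, comma-separated operation list, or fail with a reason on stderr.
# usage: check_key_ops <key-type> <op> [<op> ...]
check_key_ops() {
    family=$(key_family "$1") || { echo "unsupported key type: $1" >&2; return 1; }
    shift
    [ "$#" -gt 0 ] || { echo "no key operations requested" >&2; return 1; }
    case "$family" in
        rsa) allowed=" decrypt encrypt sign unwrap verify wrap " ;;
        ecc) allowed=" sign verify " ;;
    esac
    seen=" "; out=""
    for op in "$@"; do
        case "$op" in
            ""|*[!a-z]*) echo "malformed operation: '$op'" >&2; return 1 ;;
        esac
        case "$allowed" in
            *" $op "*) ;;
            *) echo "operation '$op' not allowed for $family keys" >&2; return 1 ;;
        esac
        case "$seen" in *" $op "*) continue ;; esac
        seen="$seen$op "
        out="${out:+$out,}$op"
    done
    echo "$out"
}
```

The printed list is the set of operations to supply for key-operations; the exact array syntax the CLI expects is not shown on this page. Requesting only the operations a workload needs (for example `check_key_ops RSA2048 sign verify` for a signing key) keeps the imported key's permitted use narrow.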

