Prepare Azure environments for new workloads—subscriptions, networking, identity, and landing zones
references/services/key-vault/README.md
# Azure Key Vault

Centralized secrets, keys, and certificate management.

## When to Use

- Storing application secrets
- Managing certificates
- Storing encryption keys
- Centralizing secret management
- Enabling secret rotation

## Required Supporting Resources

| Resource | Purpose |
|----------|---------|
| None required | Key Vault is self-contained |
| Private Endpoint | Secure access (optional) |

## SKU Selection

| SKU | Features |
|-----|----------|
| Standard | Software-protected keys |
| Premium | HSM-protected keys |

## RBAC Roles

| Role | Permissions |
|------|-------------|
| Key Vault Administrator | Full access |
| Key Vault Secrets Officer | Manage secrets |
| Key Vault Secrets User | Read secrets |
| Key Vault Certificates Officer | Manage certificates |
| Key Vault Crypto Officer | Manage keys |

## Environment Variables

| Variable | Value |
|----------|-------|
| `KEY_VAULT_URL` | `https://{vault-name}.vault.azure.net/` |
| `KEY_VAULT_NAME` | Vault name |

## Best Practices

1. **Always use RBAC** over access policies
2. **Enable soft delete and purge protection** for production
3. **Use managed identities** instead of storing keys in apps
4. **Set expiration dates** on secrets
5. **Use separate vaults** for different environments

## References

- [Bicep Patterns](bicep.md)
- [SDK Access](sdk.md)
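An offline check for Best Practices 1, 2 and 4 above, added here as an example and not part of the skill package. It assumes the inputs are JSON in the shape printed by `az keyvault show` and `az keyvault secret list`; the sample data is constructed, and `audit_vault` and its finding labels are hypothetical names.

```python
import json

# Constructed sample shaped like `az keyvault show` output (not a real vault).
SAMPLE_VAULT = json.loads("""
{
  "name": "kv-example-prod",
  "properties": {
    "enableRbacAuthorization": false,
    "enableSoftDelete": true,
    "enablePurgeProtection": null
  }
}
""")

# Constructed sample shaped like `az keyvault secret list` output.
SAMPLE_SECRETS = json.loads("""
[
  {"id": "https://kv-example-prod.vault.azure.net/secrets/db-password",
   "attributes": {"enabled": true, "expires": null}},
  {"id": "https://kv-example-prod.vault.azure.net/secrets/api-token",
   "attributes": {"enabled": true, "expires": "2030-01-01T00:00:00+00:00"}}
]
""")


def audit_vault(vault, secrets, production=True):
    """Return a list of findings for best practices 1, 2 and 4."""
    props = vault.get("properties", {})
    findings = []
    # 1. RBAC over access policies: the vault must use the RBAC permission model.
    if not props.get("enableRbacAuthorization"):
        findings.append("rbac-disabled")
    # 2. Soft delete and purge protection for production vaults.
    if production:
        # A missing or null value is not flagged; only an explicit false is.
        if props.get("enableSoftDelete") is False:
            findings.append("soft-delete-disabled")
        # Purge protection is opt-in, so null or missing means it is off.
        if not props.get("enablePurgeProtection"):
            findings.append("purge-protection-disabled")
    # 4. Every enabled secret should carry an expiration date.
    for secret in secrets:
        attrs = secret.get("attributes", {})
        if attrs.get("enabled", True) and not attrs.get("expires"):
            findings.append("no-expiry:" + secret["id"].rsplit("/", 1)[-1])
    return findings


if __name__ == "__main__":
    for finding in audit_vault(SAMPLE_VAULT, SAMPLE_SECRETS):
        print(finding)
```
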