Microsoft Security Community Blog

Public Preview: Key Attestation for Azure Managed HSM

chenkaren (Microsoft)
Mar 21, 2025

We are excited to announce the Public Preview of key attestation for Azure Key Vault Managed HSM.

This feature lets you validate the authenticity of cryptographic keys stored within the hardware security module (HSM), enhancing trust in key management processes and further enabling compliance with stringent security standards. It is especially valuable in scenarios where customers need assurance that their keys are protected from unauthorized access, even from cloud providers.

The key attestation process has four steps: 

  1. Downloading or cloning the Python scripts and requirements from our GitHub repository
  2. Setting up a virtual environment and installing the required Python packages 
  3. Retrieving key attestation data from the HSM  
  4. Verifying the key’s authenticity and the attestation data file, and viewing parsed attributes of the attestation binary 

To learn more and try it out yourself, see the Key attestation product documentation.

Updated Mar 17, 2025
Version 1.0

2 Comments

  • NickF2125
    Copper Contributor

    What are the chances we'll get this for the HSM-backed regular KeyVault? (not just Managed HSM). Google offer individual key attestation from GCP KMS. Could we get that here too?

    • chenkaren (Microsoft)

      Thanks for your feedback! We are looking at that as a possible addition to the roadmap.