The Azure Key Vault Managed HSM (Hardware Security Module) team is pleased to announce that HashiCorp Vault is now a supported third-party integration with Azure Key Vault Managed HSM. Hardware-backed keys stored in Managed HSM can now be used to automatically unseal a HashiCorp Vault. This offers customers the convenience of using a Microsoft Cloud key manager for automatic unsealing while keeping keys within a secure hardware boundary and Microsoft further out of the Trusted Computing Base.
“This integration with HashiCorp is emblematic of Microsoft’s mission to empower every person and every organization on the planet to achieve more,” says Eric Doerr, Corporate Vice President, Microsoft Cloud Security. “We’re thrilled to be able to offer hardware-backed key management via our Managed HSM offering to HashiCorp, harnessing confidential compute technologies to help customers protect their data.”
HashiCorp Vault is an identity-based security solution that leverages trusted sources of identity to keep secrets and application data secure, including API keys, passwords, or certificates. HashiCorp Vaults must be unsealed with an unsealing key to provide access to data. With this integration, customers can now use Managed HSM to reduce the operational overhead associated with storing and serving this unsealing key.
“Microsoft and HashiCorp have a shared vision on the importance of securing and automating a multi-cloud operating model,” says Burzin Patel, VP of Global Alliances at HashiCorp. “This new integration with Microsoft’s Azure Key Vault Managed HSM and HashiCorp Vault enables us to streamline secrets management workflows that are critical in a zero trust security environment.”
Microsoft announced the general availability of Azure Key Vault Managed HSM in June 2021 as part of its next generation of key management products. Managed HSM offers customers a single-tenant, FIPS 140-2 Level 3 validated, “HSM-as-a-Service” and uses Azure’s Confidential Compute infrastructure to take Microsoft further out of the Trusted Compute Base (TCB). This provides increased confidentiality and isolation to customer workloads. It’s all part of Microsoft’s broader goal to accelerate cloud adoption by making the cloud more trustworthy.
The team is looking forward to building on this vision and bringing more third-party integrations to Managed HSM in the future. HashiCorp’s integration with Azure Key Vault’s Managed HSM is now generally available and can be downloaded here.
For more information on: