SOLVED

Azure Key Vault Service Limit

%3CLINGO-SUB%20id%3D%22lingo-sub-58398%22%20slang%3D%22en-US%22%3EAzure%20Key%20Vault%20Service%20Limit%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-58398%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20would%20like%20to%20under%20will%20the%20service%20limit%20apply%20on%20following%20operations%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkey-vault%2Fkey-vault-service-limits%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkey-vault%2Fkey-vault-service-limits%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWrapKey%3C%2FP%3E%3CP%3EUnwrapKey%3C%2FP%3E%3CP%3EEncryptWithAKey%3C%2FP%3E%3CP%3EDecryptWithAKey%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20clarification%20would%20be%20appreciated!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20a%20high%20volume%20system%20and%20planning%20to%20use%20Azure%20Key%20Vault.%20Need%20to%20understand%20if%20limits%20are%20going%20to%20implicate%20our%20overall%20capacity%20planning.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-58398%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-59795%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Key%20Vault%20Service%20Limit%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-59795%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20very%20much%20for%20your%20response.%20I%20have%20designed%20an%20application%20pattern%20based%20on%20this%20input.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20opinion%20would%20be%20useful.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fblog.nilayparikh.com%2Fazure%2Fsecurity%2Fcloud-security-patterns-secure-application-secrets-with-secret-encryption-key-using-key-vault-and-rsa-hsm%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblog.nilayparikh.com%2Fazure%2Fsecurity%2Fcloud-security-patterns-secure-application-secrets-with-secret-encryption-key-using-key-vault-and-rsa-hsm%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20using%20Azure%20Key%20Vault%20for%20PCI-DSS%20and%20FinTech%20solution.%20Thus%20it%20was%20very%20much%20important%20to%20secure%20Application%20Secret%20at%20it%20best.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3ENilay.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-58889%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Key%20Vault%20Service%20Limit%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-58889%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Nilay%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20service%20limit%20applies%20to%20the%20transactions%20you%20listed.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESee%20the%20%22Problem%20Statement%22%20for%20the%20%22Developer%20for%20an%20Azure%20application%22%20in%20the%20link%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkey-vault%2Fkey-vault-whatis%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkey-vault%2Fkey-vault-whatis%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20example%2C%20middle%20tier%20application%20can%20retrieve%20keys%20for%20signing%20and%20encryption%20from%20Key%20Vault%2C%20then%20use%20the%20keys%20to%20perform%20high%20volume%20signing%20or%20encryptions.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHTH%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi, would like to under will the service limit apply on following operations?

 

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-service-limits

 

WrapKey

UnwrapKey

EncryptWithAKey

DecryptWithAKey

 

Any clarification would be appreciated!

 

We have a high volume system and planning to use Azure Key Vault. Need to understand if limits are going to implicate our overall capacity planning.

2 Replies
best response confirmed by Daniel Martins (Microsoft)
Solution

Hi Nilay,

 

The service limit applies to the transactions you listed.

 

See the "Problem Statement" for the "Developer for an Azure application" in the link below:

 

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis

 

For example, middle tier application can retrieve keys for signing and encryption from Key Vault, then use the keys to perform high volume signing or encryptions.

 

HTH

 

Thank you very much for your response. I have designed an application pattern based on this input.

 

Any opinion would be useful.

 

https://blog.nilayparikh.com/azure/security/cloud-security-patterns-secure-application-secrets-with-...

 

We are using Azure Key Vault for PCI-DSS and FinTech solution. Thus it was very much important to secure Application Secret at it best.

 

Thanks,

Nilay.