Can Azure Key Vault be used for entire Subscription with multiple applications using the same?

%3CLINGO-SUB%20id%3D%22lingo-sub-749322%22%20slang%3D%22en-US%22%3ECan%20Azure%20Key%20Vault%20be%20used%20for%20entire%20Subscription%20with%20multiple%20applications%20using%20the%20same%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749322%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooking%20for%20suggestions%2C%20to%20under%20if%20AKV%20should%20be%20used%20one%20per%20application%20or%26nbsp%3Bor%20one%20AKV%20for%20one%20subscription%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-749322%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-763330%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20Azure%20Key%20Vault%20be%20used%20for%20entire%20Subscription%20with%20multiple%20applications%20using%20the%20same%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-763330%22%20slang%3D%22en-US%22%3E%3CP%3ESome%20things%20to%20take%20into%20consideration%20is%20how%20you%20would%20like%20the%20administration%20experience%20to%20be%20and%20how%20many%20resources%20end%20up%20inside%20the%20subscription.%20Key%20vaults%20are%20based%20on%20transactions%20for%20pricing%20so%20you%20could%20have%2010%20key%20vaults%20to%20logically%20separate%20out%20applications%20at%20no%20additional%20charge%20but%20that%20could%20impact%20the%20management%20experience.%20I%20would%20separate%20them%20out%20into%20different%20line%20of%20business%20or%20life-cycle%20groups%20personally.%20Check%20out%20the%20link%20below%20at%20the%20bottom%20of%20that%20Microsoft%20doc%20you%20can%20see%20some%20additional%20information.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkey-vault%2Fkey-vault-whatis%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkey-vault%2Fkey-vault-whatis%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F180469%22%20target%3D%22_blank%22%3E%40Admin%20O365%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-766913%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20Azure%20Key%20Vault%20be%20used%20for%20entire%20Subscription%20with%20multiple%20applications%20using%20the%20same%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-766913%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F180469%22%20target%3D%22_blank%22%3E%40Admin%20O365%3C%2FA%3E%26nbsp%3BHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%2C%20you%20can%20use%20a%20single%20Azure%20KeyVault%20to%20be%20used%20in%20several%20Subscriptions%2C%20this%20might%20be%20one%20Scenario.%20This%20might%20be%20confusing%20at%20some%20point%2C%20so%20maybe%20you%20split%20your%20different%20KeyVaults%20and%20separate%20them%20by%20Subscription%20or%20Application.%20This%20depends%20on%20how%20your%20Company%20might%20adapt%20the%20Cloud%20and%20cut%20the%20Subscriptions%2C%20Resource%20Groups%20and%20so%20on.%20Generally%2C%20within%20one%20Tenant%2C%20nearly%20all%20can%20be%20used%20over%20Subscription%20Borders%2C%20but%20always%20keep%20in%20mind%20growing%20and%20complexity.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20i%20could%20help%20a%20bit.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20Regards%2C%20Peter%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1111337%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20Azure%20Key%20Vault%20be%20used%20for%20entire%20Subscription%20with%20multiple%20applications%20using%20the%20same%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1111337%22%20slang%3D%22en-US%22%3EThe%20Azure%20Information%20Protection%20team%20recommends%20having%20a%20dedicated%20Key%20Vault%20for%20that%20application%3C%2FLINGO-BODY%3E
Frequent Contributor

 

Looking for suggestions, to under if AKV should be used one per application or or one AKV for one subscription

3 Replies

Some things to take into consideration is how you would like the administration experience to be and how many resources end up inside the subscription. Key vaults are based on transactions for pricing so you could have 10 key vaults to logically separate out applications at no additional charge but that could impact the management experience. I would separate them out into different line of business or life-cycle groups personally. Check out the link below at the bottom of that Microsoft doc you can see some additional information. 

 

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis

 

    @Admin O365 

@Admin O365 Hello,

 

Yes, you can use a single Azure KeyVault to be used in several Subscriptions, this might be one Scenario. This might be confusing at some point, so maybe you split your different KeyVaults and separate them by Subscription or Application. This depends on how your Company might adapt the Cloud and cut the Subscriptions, Resource Groups and so on. Generally, within one Tenant, nearly all can be used over Subscription Borders, but always keep in mind growing and complexity.

 

Hope i could help a bit.

 

Kind Regards, Peter

The Azure Information Protection team recommends having a dedicated Key Vault for that application