Share via

what's the HMAC-SHA256 rate limit for HSM key vault

Shawn Ye 25 Reputation points Microsoft Employee
2025-10-21T06:46:32.2866667+00:00

Just want to check what's the HMAC-SHA256 rate limit for HSM key vault per single HSM instance as I don't see this described in documents any where. I understand that this performance varies based on several factors, like key size and incoming message size, but please kindly share numbers if you have done any experiments/benchmark before.

Thanks.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
Answer accepted by question author
  1. Sridevi Machavarapu 7,610 Reputation points Microsoft External Staff Moderator
    2025-10-21T07:51:55.38+00:00

    Hi Shawn Ye,

    Microsoft hasn’t published specific throughput numbers for HMAC-SHA256 operations in Azure Key Vault HSM or Managed HSM. The exact performance can vary depending on message size, key usage, and request load.

    You can refer to the Azure Managed HSM scaling guidance, which outlines approximate throughput for symmetric and asymmetric operations such as AES and RSA. While HMAC isn’t listed separately, it can be considered comparable to other symmetric operations (for example, AES) that achieve several thousand operations per second per HSM instance under optimal conditions.

    For accurate planning, it’s recommended to test using your expected workload and message size.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful, which may help members with similar questions.

    User's image

    If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Muhammad Abbas 0 Reputation points
    2025-10-29T12:00:18.28+00:00

    The rate limit for HMAC-SHA256 operations in an HSM Key Vault can vary depending on factors such as the key size, the size of the incoming messages, and the specific HSM provider you're using. Unfortunately, the exact rate limit per single HSM instance is not typically specified in most public documentation.

    In my experience, performance can be influenced by the workload being processed, as well as the specific implementation of the HSM itself. Generally, HSMs are designed to provide robust security, but for high-throughput applications, it's important to account for factors like the number of concurrent operations, network latency, and potential bottlenecks in other parts of the system.

    For more detailed insights and real-world performance benchmarks, I would recommend conducting your own testing under specific workloads. Alternatively, feel free to visit for further guidance on optimizing cryptographic operations and understanding HSM performance.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.