Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
External Key Management is an approach where organizations generate, store, and manage encryption keys outside of cloud infrastructure, while using those keys to protect data in cloud services. This approach can address key sovereignty requirements for organizations that need greater control over cryptographic material for data sovereignty and compliance in regulated sectors.
Azure Key Vault Managed HSM provides key sovereignty by giving customers full control of cryptographic keys through FIPS 140-3 Level 3 validated security, single-tenant isolation, and customer-controlled security domains. This approach delivers strong sovereignty guarantees while maintaining Azure's service-level agreements and eliminating the operational overhead of managing physical HSM infrastructure. For more information about Sovereign Public Cloud capabilities, see Capabilities of Sovereign Public Cloud.
For information about Azure's key management solutions and how they address sovereignty requirements, see:
- Key management in Azure
- How to choose the right key management solution
- What is Azure Key Vault Managed HSM?
See also
- Azure Key Vault - Azure Key Vault documentation
- Key management controls - key management considerations for sovereign cloud
- Microsoft Sovereign Cloud overview - broader sovereignty capabilities
- Customer-managed keys and encryption options in Azure - encryption fundamentals