{"id":"fb619413-e0db-43c6-a815-dc4ce01f64ac","shortId":"LQxC2C","kind":"skill","title":"azure-key-vault","tagline":"Expert knowledge for Azure Key Vault development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when using Key Vault/Managed HSM for keys, secrets, certs, BYOK, rotation, or","description":"# Azure Key Vault Skill\n\nThis skill provides expert guidance for Azure Key Vault. Covers troubleshooting, best practices, decision making, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Troubleshooting | L36-L44 | Diagnosing and fixing Key Vault errors: REST/API error codes, access policy failures, Private Link misconfig, and Azure Policy enforcement issues. |\n| Best Practices | L45-L55 | Best practices for HSM/BYOK key generation and transfer, secure key management, disaster recovery for Managed HSM, and automating single/dual-credential secret rotation in Key Vault. |\n| Decision Making | L56-L62 | Guidance on planning key and HSM capacity, scaling, and migrating cryptographic workloads or Key Vault access control from access policies to RBAC |\n| Limits & Quotas | L63-L73 | Key Vault and Managed HSM limits: throttling, quotas, logging latency, secret size, soft-delete/recovery, and network/IP firewall configuration. |\n| Security | L74-L98 | Securing Key Vault and Managed HSM: auth, RBAC vs access policies, network/firewall/private endpoints, Zero Trust, backups/soft-delete, and hardening/security best practices. |\n| Configuration | L99-L122 | Configuring Key Vault and Managed HSM: monitoring, alerts, logging, policies, key types/rotation/secure release, BYOK imports, ARM templates, and special secret formats. |\n| Integrations & Coding Patterns | L123-L151 | How to integrate Key Vault with CAs, Event Grid, Private Link, Databricks, and use language SDKs (Go/.NET/Python/JS) for keys, secrets, certs, backup/restore, rotation, and crypto. |\n| Deployment | L152-L155 | How to deploy and provision Azure Key Vault and Managed HSM (vaults, keys, secrets) using ARM templates, Bicep, Terraform, Azure CLI, and PowerShell |\n\n### Troubleshooting\n| Topic | URL |\n|-------|-----|\n| Resolve common Azure Key Vault error codes | https://learn.microsoft.com/en-us/azure/key-vault/general/common-error-codes |\n| Diagnose and fix Azure Key Vault Private Link configuration issues | https://learn.microsoft.com/en-us/azure/key-vault/general/private-link-diagnostics |\n| Interpret Azure Key Vault REST API error codes | https://learn.microsoft.com/en-us/azure/key-vault/general/rest-error-codes |\n| Troubleshoot Azure Policy enforcement on Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/troubleshoot-azure-policy-for-key-vault |\n| Troubleshoot Azure Key Vault access policy failures | https://learn.microsoft.com/en-us/azure/key-vault/general/troubleshooting-access-issues |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Plan and execute BYOK HSM key transfers to Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys |\n| Implement BYOK HSM-protected keys for Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys-byok |\n| Apply secure key management practices in Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/secure-keys |\n| Execute disaster recovery for Azure Managed HSM disruptions | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/disaster-recovery-guide |\n| Generate and import BYOK HSM keys into Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/hsm-protected-keys-byok |\n| Automate single-credential secret rotation with Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation |\n| Automate dual-credential secret rotation with Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Plan and execute migration of cryptographic key workloads | https://learn.microsoft.com/en-us/azure/key-vault/general/migrate-key-workloads |\n| Migrate Azure Key Vault from access policies to RBAC | https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-migration |\n| Plan capacity and scaling for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/scaling-guidance |\n\n### Limits & Quotas\n| Topic | URL |\n|-------|-----|\n| Configure and interpret Azure Key Vault logging latency | https://learn.microsoft.com/en-us/azure/key-vault/general/logging |\n| Understand and handle Azure Key Vault throttling limits | https://learn.microsoft.com/en-us/azure/key-vault/general/overview-throttling |\n| Review Azure Key Vault and Managed HSM service limits | https://learn.microsoft.com/en-us/azure/key-vault/general/service-limits |\n| Configure Managed HSM IP firewall and network security | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/configure-network-security |\n| Review Azure Managed HSM service limits and quotas | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/service-limits |\n| Use soft-delete and recovery for Managed HSM resources | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/soft-delete-overview |\n| Understand Azure Key Vault secret size limits | https://learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Apply security best practices for Key Vault certificates | https://learn.microsoft.com/en-us/azure/key-vault/certificates/secure-certificates |\n| Allow Azure Key Vault access from clients behind firewalls | https://learn.microsoft.com/en-us/azure/key-vault/general/access-behind-firewall |\n| Prepare for Azure Key Vault RBAC default and API retirement | https://learn.microsoft.com/en-us/azure/key-vault/general/access-control-default |\n| Assign Key Vault access policies with Azure CLI | https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy |\n| Configure authentication to Azure Key Vault with Entra ID | https://learn.microsoft.com/en-us/azure/key-vault/general/authentication |\n| Configure network security options for Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/network-security |\n| Secure Key Vault access with virtual network service endpoints | https://learn.microsoft.com/en-us/azure/key-vault/general/overview-vnet-service-endpoints |\n| Choose Azure RBAC vs access policies for Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-access-policy |\n| Configure Azure RBAC permissions for Key Vault access | https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide |\n| Apply Zero Trust security practices to Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/secure-key-vault |\n| Configure and use Azure Key Vault soft-delete safely | https://learn.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview |\n| Manage access control and authorization for Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/access-control |\n| Configure Azure Resource Manager access to Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/authorize-azure-resource-manager |\n| Perform full and selective backup/restore for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/backup-restore |\n| Use Managed HSM built-in local RBAC roles | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/built-in-roles |\n| Implement secure access control for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/how-to-secure-access |\n| Configure network security and firewall for Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/network-security |\n| Configure Managed HSM private endpoints with Private Link | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/private-link |\n| Manage data plane RBAC roles for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/role-management |\n| Harden Azure Managed HSM with security controls | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/secure-managed-hsm |\n| Apply security best practices for Azure Key Vault secrets | https://learn.microsoft.com/en-us/azure/key-vault/secrets/secure-secrets |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Configure health and throttling alerts for Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/alert |\n| Formulate authenticated JSON requests to Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/authentication-requests-and-responses |\n| Apply Azure Policy to govern Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/azure-policy |\n| Enable and configure Azure Key Vault diagnostic logging | https://learn.microsoft.com/en-us/azure/key-vault/general/howto-logging |\n| Configure monitoring for Azure Key Vault with Azure Monitor | https://learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault |\n| Reference for Azure Key Vault monitoring metrics and logs | https://learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault-reference |\n| Create Azure Key Vault using ARM template settings | https://learn.microsoft.com/en-us/azure/key-vault/general/vault-create-template |\n| Use supported key types and algorithms in Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/about-keys-details |\n| Follow BYOK specification for importing HSM keys to Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/byok-specification |\n| Configure automatic cryptographic key rotation in Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation |\n| Author secure key release policies in Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/policy-grammar |\n| Configure health and performance alerts for Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/configure-alerts |\n| Configure automated key rotation in Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/key-rotation |\n| Configure logging and audit events for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/logging |\n| Monitor Azure Managed HSM with Azure Monitor | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/logging-azure-monitor |\n| Configure multi-region replication for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/multi-region-replication |\n| Author secure key release policies for Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/policy-grammar |\n| Configure soft-delete and purge protection for Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/recovery |\n| Integrate Managed HSM logs with Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/sentinel |\n| Configure Azure Key Vault to store multiline secrets | https://learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Integrate Azure Key Vault with DigiCert CA | https://learn.microsoft.com/en-us/azure/key-vault/certificates/how-to-integrate-certificate-authority |\n| Use Go Key Vault certificates client library | https://learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-go |\n| Use .NET Key Vault certificates client library | https://learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-net |\n| Use Python Key Vault certificates client library | https://learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-python |\n| Trigger Logic Apps from Key Vault events via Event Grid | https://learn.microsoft.com/en-us/azure/key-vault/general/event-grid-logicapps |\n| Integrate Azure Key Vault events with Azure Event Grid | https://learn.microsoft.com/en-us/azure/key-vault/general/event-grid-overview |\n| Handle Azure Key Vault notifications with Event Grid and Automation | https://learn.microsoft.com/en-us/azure/key-vault/general/event-grid-tutorial |\n| Access Blob Storage via Databricks and Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/integrate-databricks-blob-storage |\n| Integrate Azure Key Vault with Azure Private Link | https://learn.microsoft.com/en-us/azure/key-vault/general/private-link-service |\n| Back up, delete, and restore keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-backup-delete-restore-key |\n| Create and rotate Key Vault keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-create-update-rotate-key |\n| Enable or disable Key Vault keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-enable-disable-key |\n| Encrypt and decrypt with Key Vault keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-encrypt-decrypt-key |\n| Retrieve Azure Key Vault keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-get-key |\n| Import keys into Azure Key Vault with JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-import-key |\n| List Azure Key Vault keys using JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-list-key-version |\n| Sign and verify with Key Vault keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-sign-verify-key |\n| Use Managed HSM TLS Offload library with F5 and Nginx | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/tls-offload-library |\n| Back up and restore Key Vault secrets in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-backup-secrets |\n| Delete and purge Key Vault secrets with JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-delete-secret |\n| Enable or disable Key Vault secrets using JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-enable-disable-secret |\n| List and find Key Vault secrets using JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-find-secret |\n| Retrieve Azure Key Vault secrets with JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-get-secret |\n| Use Azure Key Vault secrets from JavaScript applications | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-get-started |\n| Create, update, and rotate Key Vault secrets with JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-set-update-rotate-secret |\n\n### Deployment\n| Topic | URL |\n|-------|-----|\n| Provision Key Vault and key using Terraform | https://learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-terraform |","tags":["azure","key","vault","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions"],"capabilities":["skill","source-microsoftdocs","skill-azure-key-vault","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-key-vault","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 549 github stars · SKILL.md body (15,972 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:53:54.848Z","embedding":null,"createdAt":"2026-04-18T21:59:19.770Z","updatedAt":"2026-05-18T18:53:54.848Z","lastSeenAt":"2026-05-18T18:53:54.848Z","tsv":"'/en-us/azure/key-vault/certificates/how-to-integrate-certificate-authority':1188 '/en-us/azure/key-vault/certificates/quick-create-go':1198 '/en-us/azure/key-vault/certificates/quick-create-net':1208 '/en-us/azure/key-vault/certificates/quick-create-python':1218 '/en-us/azure/key-vault/certificates/secure-certificates':708 '/en-us/azure/key-vault/general/access-behind-firewall':720 '/en-us/azure/key-vault/general/access-control-default':733 '/en-us/azure/key-vault/general/alert':955 '/en-us/azure/key-vault/general/assign-access-policy':744 '/en-us/azure/key-vault/general/authentication':756 '/en-us/azure/key-vault/general/authentication-requests-and-responses':966 '/en-us/azure/key-vault/general/azure-policy':977 '/en-us/azure/key-vault/general/common-error-codes':439 '/en-us/azure/key-vault/general/event-grid-logicapps':1231 '/en-us/azure/key-vault/general/event-grid-overview':1243 '/en-us/azure/key-vault/general/event-grid-tutorial':1256 '/en-us/azure/key-vault/general/howto-logging':988 '/en-us/azure/key-vault/general/integrate-databricks-blob-storage':1267 '/en-us/azure/key-vault/general/logging':626 '/en-us/azure/key-vault/general/migrate-key-workloads':588 '/en-us/azure/key-vault/general/monitor-key-vault':1000 '/en-us/azure/key-vault/general/monitor-key-vault-reference':1012 '/en-us/azure/key-vault/general/network-security':767 '/en-us/azure/key-vault/general/overview-throttling':637 '/en-us/azure/key-vault/general/overview-vnet-service-endpoints':779 '/en-us/azure/key-vault/general/private-link-diagnostics':452 '/en-us/azure/key-vault/general/private-link-service':1278 '/en-us/azure/key-vault/general/rbac-access-policy':791 '/en-us/azure/key-vault/general/rbac-guide':802 '/en-us/azure/key-vault/general/rbac-migration':600 '/en-us/azure/key-vault/general/rest-error-codes':463 '/en-us/azure/key-vault/general/secure-key-vault':814 '/en-us/azure/key-vault/general/service-limits':649 '/en-us/azure/key-vault/general/soft-delete-overview':827 '/en-us/azure/key-vault/general/troubleshoot-azure-policy-for-key-vault':473 '/en-us/azure/key-vault/general/troubleshooting-access-issues':483 '/en-us/azure/key-vault/general/vault-create-template':1023 '/en-us/azure/key-vault/keys/about-keys-details':1036 '/en-us/azure/key-vault/keys/byok-specification':1049 '/en-us/azure/key-vault/keys/how-to-configure-key-rotation':1061 '/en-us/azure/key-vault/keys/hsm-protected-keys':500 '/en-us/azure/key-vault/keys/hsm-protected-keys-byok':513 '/en-us/azure/key-vault/keys/javascript-developer-guide-backup-delete-restore-key':1289 '/en-us/azure/key-vault/keys/javascript-developer-guide-create-update-rotate-key':1300 '/en-us/azure/key-vault/keys/javascript-developer-guide-enable-disable-key':1311 '/en-us/azure/key-vault/keys/javascript-developer-guide-encrypt-decrypt-key':1323 '/en-us/azure/key-vault/keys/javascript-developer-guide-get-key':1333 '/en-us/azure/key-vault/keys/javascript-developer-guide-import-key':1344 '/en-us/azure/key-vault/keys/javascript-developer-guide-list-key-version':1354 '/en-us/azure/key-vault/keys/javascript-developer-guide-sign-verify-key':1366 '/en-us/azure/key-vault/keys/policy-grammar':1072 '/en-us/azure/key-vault/keys/quick-create-terraform':1470 '/en-us/azure/key-vault/keys/secure-keys':525 '/en-us/azure/key-vault/managed-hsm/access-control':838 '/en-us/azure/key-vault/managed-hsm/authorize-azure-resource-manager':849 '/en-us/azure/key-vault/managed-hsm/backup-restore':861 '/en-us/azure/key-vault/managed-hsm/built-in-roles':873 '/en-us/azure/key-vault/managed-hsm/configure-alerts':1083 '/en-us/azure/key-vault/managed-hsm/configure-network-security':660 '/en-us/azure/key-vault/managed-hsm/disaster-recovery-guide':536 '/en-us/azure/key-vault/managed-hsm/how-to-secure-access':884 '/en-us/azure/key-vault/managed-hsm/hsm-protected-keys-byok':549 '/en-us/azure/key-vault/managed-hsm/key-rotation':1094 '/en-us/azure/key-vault/managed-hsm/logging':1106 '/en-us/azure/key-vault/managed-hsm/logging-azure-monitor':1116 '/en-us/azure/key-vault/managed-hsm/multi-region-replication':1128 '/en-us/azure/key-vault/managed-hsm/network-security':895 '/en-us/azure/key-vault/managed-hsm/policy-grammar':1139 '/en-us/azure/key-vault/managed-hsm/private-link':906 '/en-us/azure/key-vault/managed-hsm/recovery':1152 '/en-us/azure/key-vault/managed-hsm/role-management':918 '/en-us/azure/key-vault/managed-hsm/scaling-guidance':611 '/en-us/azure/key-vault/managed-hsm/secure-managed-hsm':928 '/en-us/azure/key-vault/managed-hsm/sentinel':1162 '/en-us/azure/key-vault/managed-hsm/service-limits':671 '/en-us/azure/key-vault/managed-hsm/soft-delete-overview':684 '/en-us/azure/key-vault/managed-hsm/tls-offload-library':1379 '/en-us/azure/key-vault/secrets/about-secrets':694 '/en-us/azure/key-vault/secrets/javascript-developer-guide-backup-secrets':1391 '/en-us/azure/key-vault/secrets/javascript-developer-guide-delete-secret':1402 '/en-us/azure/key-vault/secrets/javascript-developer-guide-enable-disable-secret':1413 '/en-us/azure/key-vault/secrets/javascript-developer-guide-find-secret':1424 '/en-us/azure/key-vault/secrets/javascript-developer-guide-get-secret':1434 '/en-us/azure/key-vault/secrets/javascript-developer-guide-get-started':1445 '/en-us/azure/key-vault/secrets/javascript-developer-guide-set-update-rotate-secret':1457 '/en-us/azure/key-vault/secrets/multiline-secrets':1173 '/en-us/azure/key-vault/secrets/secure-secrets':940 '/en-us/azure/key-vault/secrets/tutorial-rotation':561 '/en-us/azure/key-vault/secrets/tutorial-rotation-dual':573 '/microsoftdocs/mcp/blob/main/readme.md)':167 '/recovery':315 '3':138 'accept':206 'access':172,228,288,291,333,478,594,713,737,771,784,799,829,843,876,1257 'agent':87,131,190,204 'alert':355,948,1077 'algorithm':1029 'allow':709 'api':458,729 'app':1221 'appli':514,698,803,929,967 'applic':1442 'arm':363,419,1018 'assign':734 'audit':1098 'auth':330 'authent':746,957 'author':832,1062,1129 'autom':261,550,562,1085,1253 'automat':1051 'avail':157 'azur':2,8,40,50,235,409,423,432,443,454,465,475,508,520,530,544,590,606,619,630,639,662,686,710,723,740,748,762,781,793,809,818,840,856,879,913,920,934,950,961,968,972,981,992,996,1003,1014,1031,1056,1089,1101,1108,1112,1123,1164,1180,1233,1238,1245,1269,1273,1325,1337,1346,1426,1436 'azure-key-vault':1 'back':1279,1380 'backup/restore':396,854 'backups/soft-delete':339 'behind':716 'best':14,55,239,244,342,484,700,931 'bicep':421 'blob':1258 'built':866 'built-in':865 'byok':37,361,491,502,540,1038 'ca':1185 'capabl':79 'capac':279,602 'cas':381 'categori':90,98,114,210,212 'cert':36,395 'certif':705,1193,1203,1213 'choos':780 'cli':424,741 'client':715,1194,1204,1214 'code':23,64,227,370,436,460,1175 'combin':69 'common':431 'configur':21,62,319,344,348,448,616,650,745,757,792,815,839,885,896,941,944,980,989,1050,1073,1084,1095,1117,1140,1163 'content':74,176 'control':289,830,877,925 'cover':53 'creat':1013,1290,1446 'credenti':553,565 'crypto':399 'cryptograph':283,583,1052 'data':908 'databrick':386,1261 'decis':16,57,268,574 'decrypt':1314 'default':727 'delet':314,675,823,1143,1281,1392 'deploy':26,67,400,406,1458 'descript':214 'develop':11 'diagnos':219,440 'diagnost':984 'digicert':1184 'disabl':1303,1405 'disast':255,527 'disrupt':533 'doc':182 'document':77,175 'dual':564 'dual-credenti':563 'e.g':102,118 'enabl':978,1301,1403 'encrypt':1312 'endpoint':336,776,900 'enforc':237,467 'entra':752 'error':224,226,435,459 'event':382,1099,1225,1227,1236,1239,1250 'execut':490,526,580 'expert':5,47 'f5':1374 'failur':230,480 'fallback':194 'fetch':78,174,183,196 'file':108,116,123,128 'find':1416 'firewal':318,654,717,889 'fix':221,442 'follow':1037 'format':368 'formul':956 'full':851 'generat':249,537 'github.com':166 'github.com/microsoftdocs/mcp/blob/main/readme.md)':165 'go':1190 'go/.net/python/js':391 'govern':971 'grid':383,1228,1240,1251 'guid':164 'guidanc':48,273 'handl':629,1244 'harden':919 'hardening/security':341 'health':945,1074 'hsm':32,259,278,304,329,353,414,492,504,532,541,546,608,644,652,664,680,835,846,858,864,881,892,898,915,922,1042,1080,1091,1103,1110,1125,1136,1149,1155,1369 'hsm-protect':503 'hsm/byok':247 'id':753 'implement':501,874 'import':85,129,362,539,1041,1334 'includ':12 'index':91,211 'instal':161,163 'integr':22,63,369,377,1153,1174,1179,1232,1268 'interpret':453,618 'ip':653 'issu':238,449 'javascript':1286,1297,1308,1320,1330,1341,1351,1363,1388,1399,1410,1421,1431,1441,1454 'json':958 'key':3,9,30,34,41,51,222,248,253,266,276,286,300,325,349,358,378,393,410,416,433,444,455,469,476,493,496,506,509,516,521,542,557,569,584,591,620,631,640,687,703,711,724,735,749,763,769,787,797,810,819,935,951,962,973,982,993,1004,1015,1026,1032,1043,1045,1053,1057,1064,1068,1086,1131,1165,1181,1191,1201,1211,1223,1234,1246,1263,1270,1284,1293,1295,1304,1306,1316,1318,1326,1328,1335,1338,1347,1349,1359,1361,1384,1395,1406,1417,1427,1437,1450,1462,1465 'knowledg':6 'l120':105 'l122':347 'l123':373 'l123-l151':372 'l151':374 'l152':402 'l152-l155':401 'l155':403 'l35':104 'l35-l120':103 'l36':217 'l36-l44':216 'l44':218 'l45':242 'l45-l55':241 'l55':243 'l56':271 'l56-l62':270 'l62':272 'l63':298 'l63-l73':297 'l73':299 'l74':322 'l74-l98':321 'l98':323 'l99':346 'l99-l122':345 'languag':389 'latenc':309,623 'latest':146 'learn':189,203 'learn-agent-skil':188,202 'learn.microsoft.com':438,451,462,472,482,499,512,524,535,548,560,572,587,599,610,625,636,648,659,670,683,693,707,719,732,743,755,766,778,790,801,813,826,837,848,860,872,883,894,905,917,927,939,954,965,976,987,999,1011,1022,1035,1048,1060,1071,1082,1093,1105,1115,1127,1138,1151,1161,1172,1187,1197,1207,1217,1230,1242,1255,1266,1277,1288,1299,1310,1322,1332,1343,1353,1365,1378,1390,1401,1412,1423,1433,1444,1456,1469 'learn.microsoft.com/en-us/azure/key-vault/certificates/how-to-integrate-certificate-authority':1186 'learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-go':1196 'learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-net':1206 'learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-python':1216 'learn.microsoft.com/en-us/azure/key-vault/certificates/secure-certificates':706 'learn.microsoft.com/en-us/azure/key-vault/general/access-behind-firewall':718 'learn.microsoft.com/en-us/azure/key-vault/general/access-control-default':731 'learn.microsoft.com/en-us/azure/key-vault/general/alert':953 'learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy':742 'learn.microsoft.com/en-us/azure/key-vault/general/authentication':754 'learn.microsoft.com/en-us/azure/key-vault/general/authentication-requests-and-responses':964 'learn.microsoft.com/en-us/azure/key-vault/general/azure-policy':975 'learn.microsoft.com/en-us/azure/key-vault/general/common-error-codes':437 'learn.microsoft.com/en-us/azure/key-vault/general/event-grid-logicapps':1229 'learn.microsoft.com/en-us/azure/key-vault/general/event-grid-overview':1241 'learn.microsoft.com/en-us/azure/key-vault/general/event-grid-tutorial':1254 'learn.microsoft.com/en-us/azure/key-vault/general/howto-logging':986 'learn.microsoft.com/en-us/azure/key-vault/general/integrate-databricks-blob-storage':1265 'learn.microsoft.com/en-us/azure/key-vault/general/logging':624 'learn.microsoft.com/en-us/azure/key-vault/general/migrate-key-workloads':586 'learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault':998 'learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault-reference':1010 'learn.microsoft.com/en-us/azure/key-vault/general/network-security':765 'learn.microsoft.com/en-us/azure/key-vault/general/overview-throttling':635 'learn.microsoft.com/en-us/azure/key-vault/general/overview-vnet-service-endpoints':777 'learn.microsoft.com/en-us/azure/key-vault/general/private-link-diagnostics':450 'learn.microsoft.com/en-us/azure/key-vault/general/private-link-service':1276 'learn.microsoft.com/en-us/azure/key-vault/general/rbac-access-policy':789 'learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide':800 'learn.microsoft.com/en-us/azure/key-vault/general/rbac-migration':598 'learn.microsoft.com/en-us/azure/key-vault/general/rest-error-codes':461 'learn.microsoft.com/en-us/azure/key-vault/general/secure-key-vault':812 'learn.microsoft.com/en-us/azure/key-vault/general/service-limits':647 'learn.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview':825 'learn.microsoft.com/en-us/azure/key-vault/general/troubleshoot-azure-policy-for-key-vault':471 'learn.microsoft.com/en-us/azure/key-vault/general/troubleshooting-access-issues':481 'learn.microsoft.com/en-us/azure/key-vault/general/vault-create-template':1021 'learn.microsoft.com/en-us/azure/key-vault/keys/about-keys-details':1034 'learn.microsoft.com/en-us/azure/key-vault/keys/byok-specification':1047 'learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation':1059 'learn.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys':498 'learn.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys-byok':511 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-backup-delete-restore-key':1287 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-create-update-rotate-key':1298 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-enable-disable-key':1309 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-encrypt-decrypt-key':1321 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-get-key':1331 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-import-key':1342 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-list-key-version':1352 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-sign-verify-key':1364 'learn.microsoft.com/en-us/azure/key-vault/keys/policy-grammar':1070 'learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-terraform':1468 'learn.microsoft.com/en-us/azure/key-vault/keys/secure-keys':523 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/access-control':836 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/authorize-azure-resource-manager':847 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/backup-restore':859 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/built-in-roles':871 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/configure-alerts':1081 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/configure-network-security':658 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/disaster-recovery-guide':534 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/how-to-secure-access':882 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/hsm-protected-keys-byok':547 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/key-rotation':1092 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/logging':1104 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/logging-azure-monitor':1114 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/multi-region-replication':1126 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/network-security':893 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/policy-grammar':1137 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/private-link':904 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/recovery':1150 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/role-management':916 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/scaling-guidance':609 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/secure-managed-hsm':926 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/sentinel':1160 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/service-limits':669 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/soft-delete-overview':682 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/tls-offload-library':1377 'learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets':692 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-backup-secrets':1389 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-delete-secret':1400 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-enable-disable-secret':1411 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-find-secret':1422 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-get-secret':1432 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-get-started':1443 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-set-update-rotate-secret':1455 'learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets':1171 'learn.microsoft.com/en-us/azure/key-vault/secrets/secure-secrets':938 'learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation':559 'learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual':571 'librari':1195,1205,1215,1372 'limit':18,59,295,305,612,634,646,666,691 'line':100,112,213 'link':117,126,232,385,447,903,1275 'list':1345,1414 'local':70,868 'locat':94 'log':308,356,622,985,1009,1096,1156 'logic':1220 'make':17,58,269,575 'manag':254,258,303,328,352,413,517,531,545,607,643,651,663,679,828,834,842,845,857,863,880,891,897,907,914,921,1079,1090,1102,1109,1124,1135,1148,1154,1368 'markdown':193,209 'mcp':152,179 'metadata.generated':133 'metric':1007 'microsoft':181,1158 'microsoftdoc':153,180 'migrat':282,581,589 'misconfig':233 'monitor':354,990,997,1006,1107,1113 'month':139 'multi':1119 'multi-region':1118 'multilin':1169 'net':1200 'network':171,656,758,774,886 'network/firewall/private':335 'network/ip':317 'nginx':1376 'notif':1248 'offload':1371 'old':140 'option':760 'pattern':24,65,371,1176 'perform':850,1076 'permiss':795 'plan':275,488,578,601 'plane':909 'polici':229,236,292,334,357,466,479,595,738,785,969,1066,1133 'powershel':426 'practic':15,56,240,245,343,485,518,701,807,932 'prefer':177 'prepar':721 'privat':231,384,446,899,902,1274 'protect':505,1146 'provid':46 'provis':408,1461 'pull':144 'purg':1145,1394 'python':1210 'queri':185,199 'quick':72 'quick-refer':71 'quota':19,60,296,307,613,668 'rang':101 'rbac':294,331,597,726,782,794,869,910 'read':107,122 'recoveri':256,528,677 'refer':73,127,1001 'region':1120 'releas':360,1065,1132 'relev':95 'remot':76 'replic':1121 'repositori':150 'request':959 'requir':170 'resolv':430 'resourc':681,841 'rest':457 'rest/api':225 'restor':1283,1383 'retir':730 'retriev':1324,1425 'return':192,208 'review':638,661 'role':870,911 'rotat':38,264,397,555,567,1054,1087,1292,1449 'safe':824 'scale':280,604 'sdks':390 'secret':35,263,310,367,394,417,554,566,689,937,1170,1386,1397,1408,1419,1429,1439,1452 'section':96 'secur':20,61,252,320,324,515,657,695,699,759,768,806,875,887,924,930,1063,1130 'security.md':119,120 'select':853 'sentinel':1159 'servic':645,665,775 'set':1020 'sign':1355 'singl':552 'single-credenti':551 'single/dual-credential':262 'size':311,690 'skill':43,45,84,169,191,205 'skill-azure-key-vault' 'soft':313,674,822,1142 'soft-delet':312,673,821,1141 'source-microsoftdocs' 'special':366 'specif':1039 'specifi':111 'storag':1259 'store':1168 'string':186,200 'suggest':141,158 'support':1025 'templat':364,420,1019 'terraform':422,1467 'text/markdown':207 'throttl':306,633,947 'tls':1370 'tool':154 'topic':428,486,576,614,696,942,1177,1459 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'transfer':251,494 'trigger':1219 'troubleshoot':13,54,215,427,464,474 'trust':338,805 'type':1027 'types/rotation/secure':359 'understand':627,685 'updat':1447 'url':429,487,577,615,697,943,1178,1460 'use':27,29,82,88,106,121,178,195,388,418,672,817,862,1017,1024,1189,1199,1209,1350,1367,1409,1420,1435,1466 'user':143,160 'vault':4,10,42,52,223,267,287,301,326,350,379,411,415,434,445,456,470,477,497,510,522,558,570,592,621,632,641,688,704,712,725,736,750,764,770,788,798,811,820,936,952,963,974,983,994,1005,1016,1033,1046,1058,1069,1166,1182,1192,1202,1212,1224,1235,1247,1264,1271,1294,1305,1317,1327,1339,1348,1360,1385,1396,1407,1418,1428,1438,1451,1463 'vault/managed':31 'verifi':1357 'version':147 'via':1226,1260 'virtual':773 'vs':332,783 'webpag':197 'workload':284,585 'zero':337,804","prices":[{"id":"555c2696-432a-440f-9387-9eb921e5dd94","listingId":"fb619413-e0db-43c6-a815-dc4ce01f64ac","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:59:19.770Z"}],"sources":[{"listingId":"fb619413-e0db-43c6-a815-dc4ce01f64ac","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-key-vault","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-key-vault","isPrimary":false,"firstSeenAt":"2026-04-18T21:59:19.770Z","lastSeenAt":"2026-05-18T18:53:54.848Z"}],"details":{"listingId":"fb619413-e0db-43c6-a815-dc4ce01f64ac","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-key-vault","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":549,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-05-17T02:50:05Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"5eb6091372f6be5523c746ab02c881fd1f718f7a","skill_md_path":"skills/azure-key-vault/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-key-vault"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-key-vault","description":"Expert knowledge for Azure Key Vault development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when using Key Vault/Managed HSM for keys, secrets, certs, BYOK, rotation, or Private Link–secured access, and other Azure Key Vault related development tasks. Not for Azure Dedicated HSM (use azure-dedicated-hsm), Azure Cloud Hsm (use azure-cloud-hsm), Azure Payment Hsm (use azure-payment-hsm), Azure Information Protection (use azure-information-protection).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-key-vault"},"updatedAt":"2026-05-18T18:53:54.848Z"}}