{"id":"fb619413-e0db-43c6-a815-dc4ce01f64ac","shortId":"LQxC2C","kind":"skill","title":"azure-key-vault","tagline":"Expert knowledge for Azure Key Vault development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when using Key Vault/Managed HSM APIs, RBAC vs access policies, Private Link,","description":"# Azure Key Vault Skill\n\nThis skill provides expert guidance for Azure Key Vault. Covers troubleshooting, best practices, decision making, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Troubleshooting | L36-L44 | Diagnosing and fixing Key Vault errors: REST/API error codes, access policy failures, Private Link misconfig, and Azure Policy enforcement issues. |\n| Best Practices | L45-L55 | Guidance on BYOK/HSM key import, key/secret security best practices, disaster recovery for Managed HSM, and automating single/dual-credential secret rotation in Key Vault. |\n| Decision Making | L56-L62 | Guidance on planning key and HSM capacity, scaling, and migrating cryptographic workloads or Key Vault access control from access policies to RBAC |\n| Limits & Quotas | L63-L73 | Key Vault/Managed HSM limits: throttling, quotas, size constraints, logging latency, soft-delete behavior, and network/IP firewall configuration. |\n| Security | L74-L99 | Securing Azure Key Vault and Managed HSM: auth, RBAC vs access policies, firewalls, Private Link, soft-delete, backups, and security best practices for keys, secrets, and certificates. |\n| Configuration | L100-L123 | Configuring Key Vault and Managed HSM: monitoring, alerts, logging, policies, key types/rotation, secure key release, replication, and special secret formats (e.g., multiline). |\n| Integrations & Coding Patterns | L124-L151 | Using Key Vault from code and services: JS/Go/.NET/Python client patterns for keys/secrets/certs, rotation and backup, plus integrations with Event Grid, Logic Apps, Databricks, DigiCert, and TLS offload. |\n| Deployment | L152-L155 | How to deploy and provision Azure Key Vault and Managed HSM (vaults, keys, secrets) using ARM templates, Bicep, Terraform, Azure CLI, and PowerShell |\n\n### Troubleshooting\n| Topic | URL |\n|-------|-----|\n| Resolve common Azure Key Vault error codes | https://learn.microsoft.com/en-us/azure/key-vault/general/common-error-codes |\n| Diagnose and fix Azure Key Vault Private Link configuration issues | https://learn.microsoft.com/en-us/azure/key-vault/general/private-link-diagnostics |\n| Interpret Azure Key Vault REST API error codes | https://learn.microsoft.com/en-us/azure/key-vault/general/rest-error-codes |\n| Troubleshoot Azure Policy enforcement on Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/troubleshoot-azure-policy-for-key-vault |\n| Troubleshoot Azure Key Vault access policy failures | https://learn.microsoft.com/en-us/azure/key-vault/general/troubleshooting-access-issues |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Plan and execute BYOK HSM key transfers to Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys |\n| Implement BYOK HSM-protected keys for Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys-byok |\n| Apply security best practices for Azure Key Vault keys | https://learn.microsoft.com/en-us/azure/key-vault/keys/secure-keys |\n| Execute disaster recovery for Azure Managed HSM disruptions | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/disaster-recovery-guide |\n| Generate and import BYOK HSM keys into Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/hsm-protected-keys-byok |\n| Automate single-credential secret rotation with Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation |\n| Automate dual-credential secret rotation with Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Plan and execute migration of cryptographic key workloads | https://learn.microsoft.com/en-us/azure/key-vault/general/migrate-key-workloads |\n| Migrate Azure Key Vault from access policies to RBAC | https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-migration |\n| Plan capacity and scaling for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/scaling-guidance |\n\n### Limits & Quotas\n| Topic | URL |\n|-------|-----|\n| Configure and interpret Azure Key Vault logging latency | https://learn.microsoft.com/en-us/azure/key-vault/general/logging |\n| Understand and handle Azure Key Vault throttling limits | https://learn.microsoft.com/en-us/azure/key-vault/general/overview-throttling |\n| Review Azure Key Vault and Managed HSM service limits | https://learn.microsoft.com/en-us/azure/key-vault/general/service-limits |\n| Configure Managed HSM IP firewall and network security | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/configure-network-security |\n| Review Azure Managed HSM service limits and quotas | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/service-limits |\n| Understand soft-delete behavior and constraints in Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/soft-delete-overview |\n| Understand Azure Key Vault secret size limits | https://learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Apply security best practices for Key Vault certificates | https://learn.microsoft.com/en-us/azure/key-vault/certificates/secure-certificates |\n| Allow Azure Key Vault access from clients behind firewalls | https://learn.microsoft.com/en-us/azure/key-vault/general/access-behind-firewall |\n| Prepare for Azure Key Vault RBAC default and API retirement | https://learn.microsoft.com/en-us/azure/key-vault/general/access-control-default |\n| Assign Key Vault access policies with Azure CLI | https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy |\n| Configure authentication to Azure Key Vault with Entra ID | https://learn.microsoft.com/en-us/azure/key-vault/general/authentication |\n| Configure network security, firewalls, and Private Link for Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/network-security |\n| Secure Key Vault access with virtual network service endpoints | https://learn.microsoft.com/en-us/azure/key-vault/general/overview-vnet-service-endpoints |\n| Integrate Azure Key Vault with Private Link endpoints | https://learn.microsoft.com/en-us/azure/key-vault/general/private-link-service |\n| Choose Azure RBAC vs access policies for Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-access-policy |\n| Configure Azure RBAC permissions for Key Vault access | https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide |\n| Apply security best practices to Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/secure-key-vault |\n| Configure and use Azure Key Vault soft-delete safely | https://learn.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview |\n| Manage access control and authorization for Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/access-control |\n| Configure Azure Resource Manager access to Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/authorize-azure-resource-manager |\n| Configure backup and selective restore for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/backup-restore |\n| Use Managed HSM built-in local RBAC roles | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/built-in-roles |\n| Implement secure access control for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/how-to-secure-access |\n| Configure network security and firewall for Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/network-security |\n| Configure Managed HSM private endpoints with Private Link | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/private-link |\n| Manage data plane RBAC roles for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/role-management |\n| Harden Azure Managed HSM with security controls | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/secure-managed-hsm |\n| Apply security best practices for Azure Key Vault secrets | https://learn.microsoft.com/en-us/azure/key-vault/secrets/secure-secrets |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Configure health and throttling alerts for Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/alert |\n| Formulate authenticated JSON requests to Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/authentication-requests-and-responses |\n| Apply Azure Policy to govern Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/azure-policy |\n| Enable and configure Azure Key Vault diagnostic logging | https://learn.microsoft.com/en-us/azure/key-vault/general/howto-logging |\n| Configure monitoring for Azure Key Vault with Azure Monitor | https://learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault |\n| Reference for Azure Key Vault monitoring metrics and logs | https://learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault-reference |\n| Create Azure Key Vault using ARM template settings | https://learn.microsoft.com/en-us/azure/key-vault/general/vault-create-template |\n| Use supported key types and algorithms in Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/about-keys-details |\n| Follow BYOK specification for importing HSM keys to Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/byok-specification |\n| Configure automatic cryptographic key rotation in Azure Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation |\n| Author secure key release policies in Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/keys/policy-grammar |\n| Configure health and performance alerts for Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/configure-alerts |\n| Set up key auto-rotation in Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/key-rotation |\n| Configure logging and audit events for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/logging |\n| Monitor Azure Managed HSM with Azure Monitor | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/logging-azure-monitor |\n| Configure multi-region replication for Azure Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/multi-region-replication |\n| Author secure key release policies for Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/policy-grammar |\n| Configure soft-delete and purge protection in Managed HSM | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/recovery |\n| Integrate Managed HSM logs with Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/sentinel |\n| Configure Azure Key Vault to store multiline secrets | https://learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Integrate Azure Key Vault with DigiCert CA | https://learn.microsoft.com/en-us/azure/key-vault/certificates/how-to-integrate-certificate-authority |\n| Use Go Key Vault certificates client library | https://learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-go |\n| Use .NET Key Vault certificates client library | https://learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-net |\n| Use Python Key Vault certificates client library | https://learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-python |\n| Trigger Logic Apps from Key Vault events via Event Grid | https://learn.microsoft.com/en-us/azure/key-vault/general/event-grid-logicapps |\n| Integrate Azure Key Vault events with Azure Event Grid | https://learn.microsoft.com/en-us/azure/key-vault/general/event-grid-overview |\n| Handle Azure Key Vault notifications with Event Grid and Automation | https://learn.microsoft.com/en-us/azure/key-vault/general/event-grid-tutorial |\n| Access Blob Storage via Databricks and Key Vault | https://learn.microsoft.com/en-us/azure/key-vault/general/integrate-databricks-blob-storage |\n| Back up, delete, and restore keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-backup-delete-restore-key |\n| Create and rotate Key Vault keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-create-update-rotate-key |\n| Enable or disable Key Vault keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-enable-disable-key |\n| Encrypt and decrypt with Key Vault keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-encrypt-decrypt-key |\n| Retrieve Azure Key Vault keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-get-key |\n| Import keys into Azure Key Vault with JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-import-key |\n| List Azure Key Vault keys using JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-list-key-version |\n| Sign and verify with Key Vault keys in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-sign-verify-key |\n| Use Managed HSM TLS Offload library with F5 and Nginx | https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/tls-offload-library |\n| Back up and restore Key Vault secrets in JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-backup-secrets |\n| Delete and purge Key Vault secrets with JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-delete-secret |\n| Enable or disable Key Vault secrets using JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-enable-disable-secret |\n| List and find Key Vault secrets using JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-find-secret |\n| Retrieve Azure Key Vault secrets with JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-get-secret |\n| Use Azure Key Vault secrets from JavaScript applications | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-get-started |\n| Create, update, and rotate Key Vault secrets with JavaScript | https://learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-set-update-rotate-secret |\n\n### Deployment\n| Topic | URL |\n|-------|-----|\n| Provision Key Vault and key using Terraform | https://learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-terraform |","tags":["azure","key","vault","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions"],"capabilities":["skill","source-microsoftdocs","skill-azure-key-vault","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-key-vault","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.698","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 497 github stars · SKILL.md body (16,011 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T06:53:33.956Z","embedding":null,"createdAt":"2026-04-18T21:59:19.770Z","updatedAt":"2026-04-22T06:53:33.956Z","lastSeenAt":"2026-04-22T06:53:33.956Z","tsv":"'/en-us/azure/key-vault/certificates/how-to-integrate-certificate-authority':1209 '/en-us/azure/key-vault/certificates/quick-create-go':1219 '/en-us/azure/key-vault/certificates/quick-create-net':1229 '/en-us/azure/key-vault/certificates/quick-create-python':1239 '/en-us/azure/key-vault/certificates/secure-certificates':715 '/en-us/azure/key-vault/general/access-behind-firewall':727 '/en-us/azure/key-vault/general/access-control-default':740 '/en-us/azure/key-vault/general/alert':974 '/en-us/azure/key-vault/general/assign-access-policy':751 '/en-us/azure/key-vault/general/authentication':763 '/en-us/azure/key-vault/general/authentication-requests-and-responses':985 '/en-us/azure/key-vault/general/azure-policy':996 '/en-us/azure/key-vault/general/common-error-codes':446 '/en-us/azure/key-vault/general/event-grid-logicapps':1252 '/en-us/azure/key-vault/general/event-grid-overview':1264 '/en-us/azure/key-vault/general/event-grid-tutorial':1277 '/en-us/azure/key-vault/general/howto-logging':1007 '/en-us/azure/key-vault/general/integrate-databricks-blob-storage':1288 '/en-us/azure/key-vault/general/logging':633 '/en-us/azure/key-vault/general/migrate-key-workloads':595 '/en-us/azure/key-vault/general/monitor-key-vault':1019 '/en-us/azure/key-vault/general/monitor-key-vault-reference':1031 '/en-us/azure/key-vault/general/network-security':776 '/en-us/azure/key-vault/general/overview-throttling':644 '/en-us/azure/key-vault/general/overview-vnet-service-endpoints':788 '/en-us/azure/key-vault/general/private-link-diagnostics':459 '/en-us/azure/key-vault/general/private-link-service':799 '/en-us/azure/key-vault/general/rbac-access-policy':811 '/en-us/azure/key-vault/general/rbac-guide':822 '/en-us/azure/key-vault/general/rbac-migration':607 '/en-us/azure/key-vault/general/rest-error-codes':470 '/en-us/azure/key-vault/general/secure-key-vault':833 '/en-us/azure/key-vault/general/service-limits':656 '/en-us/azure/key-vault/general/soft-delete-overview':846 '/en-us/azure/key-vault/general/troubleshoot-azure-policy-for-key-vault':480 '/en-us/azure/key-vault/general/troubleshooting-access-issues':490 '/en-us/azure/key-vault/general/vault-create-template':1042 '/en-us/azure/key-vault/keys/about-keys-details':1055 '/en-us/azure/key-vault/keys/byok-specification':1068 '/en-us/azure/key-vault/keys/how-to-configure-key-rotation':1080 '/en-us/azure/key-vault/keys/hsm-protected-keys':507 '/en-us/azure/key-vault/keys/hsm-protected-keys-byok':520 '/en-us/azure/key-vault/keys/javascript-developer-guide-backup-delete-restore-key':1299 '/en-us/azure/key-vault/keys/javascript-developer-guide-create-update-rotate-key':1310 '/en-us/azure/key-vault/keys/javascript-developer-guide-enable-disable-key':1321 '/en-us/azure/key-vault/keys/javascript-developer-guide-encrypt-decrypt-key':1333 '/en-us/azure/key-vault/keys/javascript-developer-guide-get-key':1343 '/en-us/azure/key-vault/keys/javascript-developer-guide-import-key':1354 '/en-us/azure/key-vault/keys/javascript-developer-guide-list-key-version':1364 '/en-us/azure/key-vault/keys/javascript-developer-guide-sign-verify-key':1376 '/en-us/azure/key-vault/keys/policy-grammar':1091 '/en-us/azure/key-vault/keys/quick-create-terraform':1480 '/en-us/azure/key-vault/keys/secure-keys':532 '/en-us/azure/key-vault/managed-hsm/access-control':857 '/en-us/azure/key-vault/managed-hsm/authorize-azure-resource-manager':868 '/en-us/azure/key-vault/managed-hsm/backup-restore':880 '/en-us/azure/key-vault/managed-hsm/built-in-roles':892 '/en-us/azure/key-vault/managed-hsm/configure-alerts':1102 '/en-us/azure/key-vault/managed-hsm/configure-network-security':667 '/en-us/azure/key-vault/managed-hsm/disaster-recovery-guide':543 '/en-us/azure/key-vault/managed-hsm/how-to-secure-access':903 '/en-us/azure/key-vault/managed-hsm/hsm-protected-keys-byok':556 '/en-us/azure/key-vault/managed-hsm/key-rotation':1115 '/en-us/azure/key-vault/managed-hsm/logging':1127 '/en-us/azure/key-vault/managed-hsm/logging-azure-monitor':1137 '/en-us/azure/key-vault/managed-hsm/multi-region-replication':1149 '/en-us/azure/key-vault/managed-hsm/network-security':914 '/en-us/azure/key-vault/managed-hsm/policy-grammar':1160 '/en-us/azure/key-vault/managed-hsm/private-link':925 '/en-us/azure/key-vault/managed-hsm/recovery':1173 '/en-us/azure/key-vault/managed-hsm/role-management':937 '/en-us/azure/key-vault/managed-hsm/scaling-guidance':618 '/en-us/azure/key-vault/managed-hsm/secure-managed-hsm':947 '/en-us/azure/key-vault/managed-hsm/sentinel':1183 '/en-us/azure/key-vault/managed-hsm/service-limits':678 '/en-us/azure/key-vault/managed-hsm/soft-delete-overview':691 '/en-us/azure/key-vault/managed-hsm/tls-offload-library':1389 '/en-us/azure/key-vault/secrets/about-secrets':701 '/en-us/azure/key-vault/secrets/javascript-developer-guide-backup-secrets':1401 '/en-us/azure/key-vault/secrets/javascript-developer-guide-delete-secret':1412 '/en-us/azure/key-vault/secrets/javascript-developer-guide-enable-disable-secret':1423 '/en-us/azure/key-vault/secrets/javascript-developer-guide-find-secret':1434 '/en-us/azure/key-vault/secrets/javascript-developer-guide-get-secret':1444 '/en-us/azure/key-vault/secrets/javascript-developer-guide-get-started':1455 '/en-us/azure/key-vault/secrets/javascript-developer-guide-set-update-rotate-secret':1467 '/en-us/azure/key-vault/secrets/multiline-secrets':1194 '/en-us/azure/key-vault/secrets/secure-secrets':959 '/en-us/azure/key-vault/secrets/tutorial-rotation':568 '/en-us/azure/key-vault/secrets/tutorial-rotation-dual':580 '/microsoftdocs/mcp/blob/main/readme.md)':167 '3':138 'accept':206 'access':36,172,228,286,289,330,485,601,720,744,780,804,819,848,862,895,1278 'agent':87,131,190,204 'alert':359,967,1096 'algorithm':1048 'allow':716 'api':33,465,736 'app':401,1242 'appli':521,705,823,948,986 'applic':1452 'arm':426,1037 'assign':741 'audit':1119 'auth':327 'authent':753,976 'author':851,1081,1150 'auto':1107 'auto-rot':1106 'autom':259,557,569,1274 'automat':1070 'avail':157 'azur':2,8,40,50,235,321,416,430,439,450,461,472,482,515,526,537,551,597,613,626,637,646,669,693,717,730,747,755,790,801,813,828,837,859,875,898,932,939,953,969,980,987,991,1000,1011,1015,1022,1033,1050,1075,1110,1122,1129,1133,1144,1185,1201,1254,1259,1266,1335,1347,1356,1436,1446 'azure-key-vault':1 'back':1289,1390 'backup':338,394,870 'behavior':311,683 'behind':723 'best':14,55,239,251,341,491,523,707,825,950 'bicep':428 'blob':1279 'built':885 'built-in':884 'byok':498,509,547,1057 'byok/hsm':246 'ca':1206 'capabl':79 'capac':277,609 'categori':90,98,114,210,212 'certif':347,712,1214,1224,1234 'choos':800 'cli':431,748 'client':388,722,1215,1225,1235 'code':23,64,227,375,384,443,467,1196 'combin':69 'common':438 'configur':21,62,315,348,352,455,623,657,752,764,812,834,858,869,904,915,960,963,999,1008,1069,1092,1116,1138,1161,1184 'constraint':305,685 'content':74,176 'control':287,849,896,944 'cover':53 'creat':1032,1300,1456 'credenti':560,572 'cryptograph':281,590,1071 'data':927 'databrick':402,1282 'decis':16,57,266,581 'decrypt':1324 'default':734 'delet':310,337,682,842,1164,1291,1402 'deploy':26,67,407,413,1468 'descript':214 'develop':11 'diagnos':219,447 'diagnost':1003 'digicert':403,1205 'disabl':1313,1415 'disast':253,534 'disrupt':540 'doc':182 'document':77,175 'dual':571 'dual-credenti':570 'e.g':102,118,372 'enabl':997,1311,1413 'encrypt':1322 'endpoint':785,796,919 'enforc':237,474 'entra':759 'error':224,226,442,466 'event':398,1120,1246,1248,1257,1260,1271 'execut':497,533,587 'expert':5,47 'f5':1384 'failur':230,487 'fallback':194 'fetch':78,174,183,196 'file':108,116,123,128 'find':1426 'firewal':314,332,661,724,767,908 'fix':221,449 'follow':1056 'format':371 'formul':975 'generat':544 'github.com':166 'github.com/microsoftdocs/mcp/blob/main/readme.md)':165 'go':1211 'govern':990 'grid':399,1249,1261,1272 'guid':164 'guidanc':48,244,271 'handl':636,1265 'harden':938 'health':964,1093 'hsm':32,257,276,300,326,357,421,499,511,539,548,553,615,651,659,671,688,854,865,877,883,900,911,917,934,941,1061,1099,1112,1124,1131,1146,1157,1170,1176,1379 'hsm-protect':510 'id':760 'implement':508,893 'import':85,129,248,546,1060,1344 'includ':12 'index':91,211 'instal':161,163 'integr':22,63,374,396,789,1174,1195,1200,1253 'interpret':460,625 'ip':660 'issu':238,456 'javascript':1296,1307,1318,1330,1340,1351,1361,1373,1398,1409,1420,1431,1441,1451,1464 'js/go/.net/python':387 'json':977 'key':3,9,30,41,51,222,247,264,274,284,298,322,344,353,362,365,381,417,423,440,451,462,476,483,500,503,513,516,527,529,549,564,576,591,598,627,638,647,694,710,718,731,742,756,772,778,791,807,817,829,838,954,970,981,992,1001,1012,1023,1034,1045,1051,1062,1064,1072,1076,1083,1087,1105,1152,1186,1202,1212,1222,1232,1244,1255,1267,1284,1294,1303,1305,1314,1316,1326,1328,1336,1338,1345,1348,1357,1359,1369,1371,1394,1405,1416,1427,1437,1447,1460,1472,1475 'key/secret':249 'keys/secrets/certs':391 'knowledg':6 'l100':350 'l100-l123':349 'l120':105 'l123':351 'l124':378 'l124-l151':377 'l151':379 'l152':409 'l152-l155':408 'l155':410 'l35':104 'l35-l120':103 'l36':217 'l36-l44':216 'l44':218 'l45':242 'l45-l55':241 'l55':243 'l56':269 'l56-l62':268 'l62':270 'l63':296 'l63-l73':295 'l73':297 'l74':318 'l74-l99':317 'l99':319 'latenc':307,630 'latest':146 'learn':189,203 'learn-agent-skil':188,202 'learn.microsoft.com':445,458,469,479,489,506,519,531,542,555,567,579,594,606,617,632,643,655,666,677,690,700,714,726,739,750,762,775,787,798,810,821,832,845,856,867,879,891,902,913,924,936,946,958,973,984,995,1006,1018,1030,1041,1054,1067,1079,1090,1101,1114,1126,1136,1148,1159,1172,1182,1193,1208,1218,1228,1238,1251,1263,1276,1287,1298,1309,1320,1332,1342,1353,1363,1375,1388,1400,1411,1422,1433,1443,1454,1466,1479 'learn.microsoft.com/en-us/azure/key-vault/certificates/how-to-integrate-certificate-authority':1207 'learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-go':1217 'learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-net':1227 'learn.microsoft.com/en-us/azure/key-vault/certificates/quick-create-python':1237 'learn.microsoft.com/en-us/azure/key-vault/certificates/secure-certificates':713 'learn.microsoft.com/en-us/azure/key-vault/general/access-behind-firewall':725 'learn.microsoft.com/en-us/azure/key-vault/general/access-control-default':738 'learn.microsoft.com/en-us/azure/key-vault/general/alert':972 'learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy':749 'learn.microsoft.com/en-us/azure/key-vault/general/authentication':761 'learn.microsoft.com/en-us/azure/key-vault/general/authentication-requests-and-responses':983 'learn.microsoft.com/en-us/azure/key-vault/general/azure-policy':994 'learn.microsoft.com/en-us/azure/key-vault/general/common-error-codes':444 'learn.microsoft.com/en-us/azure/key-vault/general/event-grid-logicapps':1250 'learn.microsoft.com/en-us/azure/key-vault/general/event-grid-overview':1262 'learn.microsoft.com/en-us/azure/key-vault/general/event-grid-tutorial':1275 'learn.microsoft.com/en-us/azure/key-vault/general/howto-logging':1005 'learn.microsoft.com/en-us/azure/key-vault/general/integrate-databricks-blob-storage':1286 'learn.microsoft.com/en-us/azure/key-vault/general/logging':631 'learn.microsoft.com/en-us/azure/key-vault/general/migrate-key-workloads':593 'learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault':1017 'learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault-reference':1029 'learn.microsoft.com/en-us/azure/key-vault/general/network-security':774 'learn.microsoft.com/en-us/azure/key-vault/general/overview-throttling':642 'learn.microsoft.com/en-us/azure/key-vault/general/overview-vnet-service-endpoints':786 'learn.microsoft.com/en-us/azure/key-vault/general/private-link-diagnostics':457 'learn.microsoft.com/en-us/azure/key-vault/general/private-link-service':797 'learn.microsoft.com/en-us/azure/key-vault/general/rbac-access-policy':809 'learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide':820 'learn.microsoft.com/en-us/azure/key-vault/general/rbac-migration':605 'learn.microsoft.com/en-us/azure/key-vault/general/rest-error-codes':468 'learn.microsoft.com/en-us/azure/key-vault/general/secure-key-vault':831 'learn.microsoft.com/en-us/azure/key-vault/general/service-limits':654 'learn.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview':844 'learn.microsoft.com/en-us/azure/key-vault/general/troubleshoot-azure-policy-for-key-vault':478 'learn.microsoft.com/en-us/azure/key-vault/general/troubleshooting-access-issues':488 'learn.microsoft.com/en-us/azure/key-vault/general/vault-create-template':1040 'learn.microsoft.com/en-us/azure/key-vault/keys/about-keys-details':1053 'learn.microsoft.com/en-us/azure/key-vault/keys/byok-specification':1066 'learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation':1078 'learn.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys':505 'learn.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys-byok':518 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-backup-delete-restore-key':1297 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-create-update-rotate-key':1308 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-enable-disable-key':1319 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-encrypt-decrypt-key':1331 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-get-key':1341 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-import-key':1352 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-list-key-version':1362 'learn.microsoft.com/en-us/azure/key-vault/keys/javascript-developer-guide-sign-verify-key':1374 'learn.microsoft.com/en-us/azure/key-vault/keys/policy-grammar':1089 'learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-terraform':1478 'learn.microsoft.com/en-us/azure/key-vault/keys/secure-keys':530 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/access-control':855 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/authorize-azure-resource-manager':866 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/backup-restore':878 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/built-in-roles':890 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/configure-alerts':1100 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/configure-network-security':665 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/disaster-recovery-guide':541 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/how-to-secure-access':901 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/hsm-protected-keys-byok':554 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/key-rotation':1113 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/logging':1125 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/logging-azure-monitor':1135 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/multi-region-replication':1147 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/network-security':912 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/policy-grammar':1158 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/private-link':923 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/recovery':1171 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/role-management':935 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/scaling-guidance':616 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/secure-managed-hsm':945 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/sentinel':1181 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/service-limits':676 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/soft-delete-overview':689 'learn.microsoft.com/en-us/azure/key-vault/managed-hsm/tls-offload-library':1387 'learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets':699 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-backup-secrets':1399 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-delete-secret':1410 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-enable-disable-secret':1421 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-find-secret':1432 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-get-secret':1442 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-get-started':1453 'learn.microsoft.com/en-us/azure/key-vault/secrets/javascript-developer-guide-set-update-rotate-secret':1465 'learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets':1192 'learn.microsoft.com/en-us/azure/key-vault/secrets/secure-secrets':957 'learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation':566 'learn.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual':578 'librari':1216,1226,1236,1382 'limit':18,59,293,301,619,641,653,673,698 'line':100,112,213 'link':39,117,126,232,334,454,770,795,922 'list':1355,1424 'local':70,887 'locat':94 'log':306,360,629,1004,1028,1117,1177 'logic':400,1241 'make':17,58,267,582 'manag':256,325,356,420,538,552,614,650,658,670,687,847,853,861,864,876,882,899,910,916,926,933,940,1098,1111,1123,1130,1145,1156,1169,1175,1378 'markdown':193,209 'mcp':152,179 'metadata.generated':133 'metric':1026 'microsoft':181,1179 'microsoftdoc':153,180 'migrat':280,588,596 'misconfig':233 'monitor':358,1009,1016,1025,1128,1134 'month':139 'multi':1140 'multi-region':1139 'multilin':373,1190 'net':1221 'network':171,663,765,783,905 'network/ip':313 'nginx':1386 'notif':1269 'offload':406,1381 'old':140 'pattern':24,65,376,389,1197 'perform':1095 'permiss':815 'plan':273,495,585,608 'plane':928 'plus':395 'polici':37,229,236,290,331,361,473,486,602,745,805,988,1085,1154 'powershel':433 'practic':15,56,240,252,342,492,524,708,826,951 'prefer':177 'prepar':728 'privat':38,231,333,453,769,794,918,921 'protect':512,1167 'provid':46 'provis':415,1471 'pull':144 'purg':1166,1404 'python':1231 'queri':185,199 'quick':72 'quick-refer':71 'quota':19,60,294,303,620,675 'rang':101 'rbac':34,292,328,604,733,802,814,888,929 'read':107,122 'recoveri':254,535 'refer':73,127,1020 'region':1141 'releas':366,1084,1153 'relev':95 'remot':76 'replic':367,1142 'repositori':150 'request':978 'requir':170 'resolv':437 'resourc':860 'rest':464 'rest/api':225 'restor':873,1293,1393 'retir':737 'retriev':1334,1435 'return':192,208 'review':645,668 'role':889,930 'rotat':262,392,562,574,1073,1108,1302,1459 'safe':843 'scale':278,611 'secret':261,345,370,424,561,573,696,956,1191,1396,1407,1418,1429,1439,1449,1462 'section':96 'secur':20,61,250,316,320,340,364,522,664,702,706,766,777,824,894,906,943,949,1082,1151 'security.md':119,120 'select':872 'sentinel':1180 'servic':386,652,672,784 'set':1039,1103 'sign':1365 'singl':559 'single-credenti':558 'single/dual-credential':260 'size':304,697 'skill':43,45,84,169,191,205 'skill-azure-key-vault' 'soft':309,336,681,841,1163 'soft-delet':308,335,680,840,1162 'source-microsoftdocs' 'special':369 'specif':1058 'specifi':111 'storag':1280 'store':1189 'string':186,200 'suggest':141,158 'support':1044 'templat':427,1038 'terraform':429,1477 'text/markdown':207 'throttl':302,640,966 'tls':405,1380 'tool':154 'topic':435,493,583,621,703,961,1198,1469 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'transfer':501 'trigger':1240 'troubleshoot':13,54,215,434,471,481 'type':1046 'types/rotation':363 'understand':634,679,692 'updat':1457 'url':436,494,584,622,704,962,1199,1470 'use':27,29,82,88,106,121,178,195,380,425,836,881,1036,1043,1210,1220,1230,1360,1377,1419,1430,1445,1476 'user':143,160 'vault':4,10,42,52,223,265,285,323,354,382,418,422,441,452,463,477,484,504,517,528,565,577,599,628,639,648,695,711,719,732,743,757,773,779,792,808,818,830,839,955,971,982,993,1002,1013,1024,1035,1052,1065,1077,1088,1187,1203,1213,1223,1233,1245,1256,1268,1285,1304,1315,1327,1337,1349,1358,1370,1395,1406,1417,1428,1438,1448,1461,1473 'vault/managed':31,299 'verifi':1367 'version':147 'via':1247,1281 'virtual':782 'vs':35,329,803 'webpag':197 'workload':282,592","prices":[{"id":"555c2696-432a-440f-9387-9eb921e5dd94","listingId":"fb619413-e0db-43c6-a815-dc4ce01f64ac","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:59:19.770Z"}],"sources":[{"listingId":"fb619413-e0db-43c6-a815-dc4ce01f64ac","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-key-vault","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-key-vault","isPrimary":false,"firstSeenAt":"2026-04-18T21:59:19.770Z","lastSeenAt":"2026-04-22T06:53:33.956Z"}],"details":{"listingId":"fb619413-e0db-43c6-a815-dc4ce01f64ac","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-key-vault","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":497,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-04-22T01:37:27Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"4a46f7601bafe00b66c145dae6fb8de1554da3a3","skill_md_path":"skills/azure-key-vault/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-key-vault"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-key-vault","description":"Expert knowledge for Azure Key Vault development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when using Key Vault/Managed HSM APIs, RBAC vs access policies, Private Link, key rotation, or IaC deployment, and other Azure Key Vault related development tasks. Not for Azure Dedicated HSM (use azure-dedicated-hsm), Azure Cloud Hsm (use azure-cloud-hsm), Azure Payment Hsm (use azure-payment-hsm), Azure Information Protection (use azure-information-protection).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-key-vault"},"updatedAt":"2026-04-22T06:53:33.956Z"}}