Software vs HSM protected keys in Azure Key Vault

Software vs HSM protected keys in Azure Key Vault

Q. What is the difference between a software-protected and HSM-protected key with Azure Key Vault?

A. Both types of key have the key stored in the HSM at rest. The difference is for a software-protected key when cryptographic operations are performed they are performed in software in compute VMs while for HSM-protected keys the cryptographic operations are performed within the HSM.

In test/dev environments using the software-protected option is recommended while in production use HSM-protected. The only downside with HSM-protected is an additional charge per-month if the key is used in that month.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish