Key Vault helps you to improve data protection and compliance
To protect cloud data, secure key management is crucial. Azure Key Vault can encrypt keys and small secrets, such as passwords, that are stored in hardware security module (HSMs). You can import or generate keys in HSMs for additional security. Microsoft processes your keys using FIPS validated HSMs (hardware, firmware, and hardware) - FIPS 140-2 level 2 for vaults, and FIPS 140-2 level 3 for HSM pools. Microsoft can't see your keys or extract them with Key Vault. You can monitor and audit key usage with Azure logging-pipe logs to Azure HDInsight, or your security information management (SIEM), for more analysis and threat detection.