In the service comparison, Microsoft compared Azure Key Vault to AWS KMS, as stated in the link below.
However, in your lab, you could manually type in a secret, which seemed to be more equivalent to AWS Parameter Store. Would you agree?
The second question is when you said you could not see the secret when you share it. What if you want to share it with a non-Azure application, where the administrator must type in the secret?
Many thanks in advance,
With Kind Regards,
I would say Azure KeyVault is pretty much the Azure equivalent of AWS’s Secrets Manager. Both do not let you store unencrypted values and both are paid services, while AWS Parameter Store is free to use and allows you to store unencrypted values.
Concerning your second question about dealing with KeyVault and services outside Azure: if it’s for deployments, I would recommend using Azure DevOps to fetch secrets from the KeyVault and consume them during the deployment process. If you deploy on-premise, you would need a self-hosted Azure Pipeline agent for that.
I know there are plenty of other scenarios why you would fetch secrets from KeyVault for services outside Azure, but without more details I can’t recommend an approach.
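
The deployment approach recommended in the reply above, sketched as an Azure Pipelines definition. This is an added example, not part of the original reply. The pool, service connection, vault, secret names and `deploy.sh` are hypothetical placeholders, and a Linux self-hosted agent is assumed.

```yaml
# Added example: every name marked "hypothetical" is a placeholder.
trigger: none                     # run manually or from a release trigger

pool:
  name: OnPremAgents              # hypothetical self-hosted agent pool (on-premises target)

steps:
  # Pull only the secrets this deployment needs. The identity behind the
  # service connection needs just Get and List on secrets in this vault.
  - task: AzureKeyVault@2
    displayName: Fetch deployment secrets from Key Vault
    inputs:
      azureSubscription: kv-read-connection   # hypothetical service connection
      KeyVaultName: contoso-deploy-kv         # hypothetical vault name
      SecretsFilter: 'DbPassword,ApiKey'      # hypothetical secret names; avoid '*'
      RunAsPreJob: false

  # Fetched secrets become secret pipeline variables: they are masked in logs
  # and are NOT exported to scripts automatically, so map them explicitly.
  - script: ./deploy.sh                       # hypothetical deployment script
    displayName: Deploy to on-premises host
    env:
      DB_PASSWORD: $(DbPassword)
      API_KEY: $(ApiKey)
```

With this layout nobody types the secret by hand: the values exist only in the agent's job environment for the duration of the run, and access is governed by the vault permissions granted to the service connection.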