Share via

is there a timelimit on a KEK to import BYOK into Azure Keyvault

Franck Marteaux 111 Reputation points
2020-11-10T13:20:00.307+00:00

Is there a timelimit on the KEK to import BYOK from a customer HSM.
AWS has a timelimit of 24 hours for a similar process.

Since we have some issues importing keys, i want to make sure this is not the issue we are facing.

thanks and regards,
Franck

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,389 questions
Accepted answer
  1. Franck Marteaux 111 Reputation points
    2020-11-12T18:11:52.323+00:00

    Hi James,
    I think we figured it out.,
    If you use a KEK with the "import" parameter to upload a BYOK from an HSM, you need to define an expiration.
    But the expiration does not need to be 24 hours, e.g. we defined a date in 10 days which will give us enough time for the operation.

    So, unlike AWS KMS, where the expiration seems to be a fixed 24 h, Azure KeyVault lets you define this timespan.

    We will do the operation on Sunday, then I know if this worked...

    Regards,
    Franck

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.