Thank you for your post!
I understand that you currently have a Private Endpoint that your Operations team would like to reclaim. You can create another Private Endpoint to replace this, but to account for any downtime when it comes to replacing/switching these two Private Endpoints, you'd like to know the steps to replace a Private Endpoint within the Azure Key Vault.
Assuming you have a VNET, a subnet in that VNET, and the correct RBAC permissions for the VNET and Key Vault, to replace a private endpoint within your Key Vault you'll need to:
- Establish a private link connection to your existing key vault.
- Validate that the new private link connection works.
- Once you've confirmed that the new private endpoint is working correctly, you can remove the original private endpoint.
As for downtime, it's possible that there may be a brief interruption while you're updating and testing the new private endpoint, but this should be minimal if everything is configured correctly. I'd also recommend trying to perform these operations during a maintenance window or low-traffic period.
I've also reached out to our Key Vault engineering team to confirm this and will update as soon as possible.
Additional Links:
- Integrate Key Vault with Azure Private Link: Troubleshooting Guide
- Diagnose private links configuration issues on Azure Key Vault
- Limitations and Design Considerations
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
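The three steps in the answer above, as an added Azure CLI example that is not part of the original answer or of Microsoft's documentation. All resource names are placeholders, the new endpoint's private IP is supplied by the operator, and treating "works" as "connection Approved and the vault hostname already resolves to the new endpoint's private IP" is an assumption; updating the DNS record itself is not covered.

```bash
#!/usr/bin/env bash
# Added example, not from the original answer. All resource names are placeholders.
set -eu
RG="rg-example"; VAULT="kv-example"; VNET="vnet-example"; SUBNET="snet-example"
OLD_PE="pe-kv-old"; NEW_PE="pe-kv-new"

# True when $1 is an RFC 1918 address (not the vault's public endpoint).
is_private_ip() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Gate for step 3 (assumed criteria): the new connection is Approved and the
# vault name resolves to the NEW endpoint's private IP, so clients no longer
# depend on the old endpoint when it is deleted.
# $1 = connection status, $2 = resolved IP, $3 = new endpoint IP
ready_to_remove_old() {
  [ "$1" = "Approved" ] && [ "$2" = "$3" ] && is_private_ip "$2"
}

create_new_endpoint() {    # step 1: second private link connection to the vault
  vault_id=$(az keyvault show --name "$VAULT" --resource-group "$RG" --query id -o tsv)
  az network private-endpoint create --resource-group "$RG" --name "$NEW_PE" \
    --vnet-name "$VNET" --subnet "$SUBNET" \
    --private-connection-resource-id "$vault_id" \
    --group-id vault --connection-name "${NEW_PE}-conn"
}

validate_new_endpoint() {  # step 2: run from a host inside the VNET; $1 = new endpoint IP
  status=$(az network private-endpoint show --resource-group "$RG" --name "$NEW_PE" \
    --query 'privateLinkServiceConnections[0].privateLinkServiceConnectionState.status' -o tsv)
  ip=$(getent hosts "${VAULT}.vault.azure.net" | awk '{print $1; exit}')
  ready_to_remove_old "$status" "${ip:-}" "$1"
}

remove_old_endpoint() {    # step 3: only reached after validation passes
  az network private-endpoint delete --resource-group "$RG" --name "$OLD_PE"
}

# Usage: ./replace-pe.sh create   then   ./replace-pe.sh cutover <new-endpoint-ip>
case "${1:-}" in
  create)  create_new_endpoint ;;
  cutover) validate_new_endpoint "${2:?new endpoint IP required}" && remove_old_endpoint ;;
esac
```

If `cutover` exits non-zero, the old endpoint is left in place, which is the safe outcome while DNS or connection approval is still pending.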