Introduction

This document describes the integration of Microsoft Azure Key Vault Bring Your Own Key (referred to as Azure BYOK in this guide) with the Entrust KeyControl Key Management Solution (KMS).

Documents to read first

This guide describes how to configure the Entrust KeyControl server as a KMS in Azure BYOK.

Entrust KeyControl v10.2 supports BYOK as an add-on. You can request a free trial of Entrust KeyControl BYOK here: https://go.entrust.com/keycontrol-byok-30-day-free-trial.

To install and configure the Entrust KeyControl server see KeyControl Installation and Upgrade Guide.

Also refer to the documentation and set-up process for Microsoft Azure BYOK in the Microsoft Azure Key Vault online documentation.

Product configurations

Entrust has successfully tested the integration of KeyControl with Azure BYOK in the following configurations:

System	Version
Entrust KeyControl	10.2

System

Version

Entrust KeyControl

10.2

Features tested

Entrust has successfully tested the following features:

Create cloud key
Rotate cloud key
Remove cloud key
Upload removed cloud key
Delete cloud key
Cancel cloud key deletion

Requirements

Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.