Integration overview

  1. Create a Key Exchange Key (KEK) in Azure and download it to the online computer.

  2. Transfer the KEK using media, for example a USB thumb drive, to the offline computer.

  3. Wrap your on-premise HSM protected key with the KEK.

  4. Transfer the wrapped key using media to the online computer.

  5. Upload the wrapped key to Azure.