Reputation: 981
We are developing an authentication service (using IdentityServer) and we want to sign the JWT token returned to the user with a private key stored in Azure Key Vault HSM.
Our domain consists of millions of users who are expected to call the authentication service once an hour on average (and therefore the key vault).
According to the Microsoft docs, the Key Vault service limit is 100 calls per second. See: https://azure.microsoft.com/en-us/documentation/articles/key-vault-service-limits/
Are we using Azure Key Vault as we are supposed to? It seems that the Key Vault transaction volume is very low.
Upvotes: 4
Views: 3695
Reputation: 12228
If you look at the pricing page, there is a footnote that says:
"contact Microsoft for pricing for operation volumes exceeding 50 million operations per month"
The alternative is to use Key Vault as a key signing service, so you have a key that is signed by the key in Key Vault and that is rotated amongst your servers. It would be an extra piece of work, but it means that you can have very short-lived certificates, which could provide a little additional security.
Upvotes: 4
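The key-signing layout described in the answer above, as an added example that is not code from the answer, IdentityServer or Azure: a vault-held key endorses a short-lived local key once per rotation, and every token is then signed locally. All names are hypothetical, the vault is simulated by a local Ed25519 key, and the `expiry|hex(pubkey)` endorsement layout is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// vault simulates the Key Vault key with a local key (assumption); calls counts sign requests.
type vault struct{ key ed25519.PrivateKey; calls int }
// endorsement ties a local public key to an expiry; signedBytes is the (assumed) layout the vault signs.
type endorsement struct{ pub ed25519.PublicKey; expires int64; sig []byte }
func signedBytes(pub ed25519.PublicKey, exp int64) []byte { return []byte(fmt.Sprintf("%d|%x", exp, pub)) }

// endorse is the only operation that reaches the vault: once per key rotation.
func (v *vault) endorse(pub ed25519.PublicKey, exp time.Time) endorsement {
	v.calls++
	return endorsement{pub, exp.Unix(), ed25519.Sign(v.key, signedBytes(pub, exp.Unix()))}
}

// verify walks the chain: vault key -> unexpired local key -> token payload.
func verify(vaultPub ed25519.PublicKey, e endorsement, payload, sig []byte, now time.Time) error {
	switch {
	case !ed25519.Verify(vaultPub, signedBytes(e.pub, e.expires), e.sig):
		return errors.New("endorsement not signed by vault key")
	case now.Unix() >= e.expires:
		return errors.New("local signing key expired")
	case !ed25519.Verify(e.pub, payload, sig):
		return errors.New("token signature invalid")
	}
	return nil
}

// demo signs 1000 constructed payloads locally, then verifies the last one now and after expiry.
func demo() (int, error, error) {
	vaultPub, vaultKey, _ := ed25519.GenerateKey(nil)
	v := &vault{key: vaultKey}
	localPub, localKey, _ := ed25519.GenerateKey(nil)
	now := time.Now()
	e := v.endorse(localPub, now.Add(time.Hour))
	var payload, sig []byte
	for i := 0; i < 1000; i++ {
		payload = []byte(fmt.Sprintf(`{"sub":"user-%d"}`, i))
		sig = ed25519.Sign(localKey, payload)
	}
	return v.calls, verify(vaultPub, e, payload, sig, now), verify(vaultPub, e, payload, sig, now.Add(2*time.Hour))
}

func main() { fmt.Println(demo()) }
```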