Key Vault query

  • Question

  • Can you use the same Key Vault for all of your servers even though they are in different resource groups?

    I read a document stating that in order to use the Key Vault it would have to be in the same geographical location. How would this work with a globally redundant storage account if we had to fail over to a VM image in a different location?

    Tuesday, February 19, 2019 7:33 PM

Answers

  • Yes, you can use the Key Vault for servers in different resource groups; however, all resources like the Key Vault, storage account, and VM need to be in the same Azure region and subscription. Also, as per my understanding, using GA redundant is to assure that your data is stored in a second location during failure and to make sure that no data is lost during failure. But the data center would still need to recover and then your data be moved back before things come back online. So, as I understand, during failover you cannot encrypt or decrypt disks and you need to wait until it comes back online.
    Monday, February 25, 2019 7:16 PM

All replies

  • Can you please elaborate on your scenario and how you are using Azure Key Vault and storage with the virtual machine? Also, in order to use Key Vault with a VM, the key vault needs to be created in the same subscription and location as the virtual machine. Please refer to "Set up Key Vault for virtual machines in Azure Resource Manager."
    Tuesday, February 19, 2019 11:40 PM
  • Thank you Saurabh... actually I was going through Azure Disk Encryption, that's when I was stuck with the above two queries.
    Thursday, February 21, 2019 2:30 PM
  • Please let me know if you find the above reply useful. If yes, do click on the 'Mark as answer' link in the above reply. This will help other community members facing a similar query to refer to this solution. Thanks.
    Friday, March 29, 2019 3:16 PM
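
A pre-flight check for the rule stated in the marked answer (Key Vault and VM in the same subscription and region, resource group free to differ), added here as an example and not part of the thread or of any Microsoft tooling. The function names, subscription GUIDs and resource names are constructed for illustration; the input dictionaries carry only the `id` and `location` fields found in ARM resource JSON.

```python
import re

# ARM resource ID layout:
# /subscriptions/<sub>/resourceGroups/<rg>/providers/<namespace>/<type>/<name>
_ARM_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/(?P<type>[^/]+/[^/]+)/(?P<name>[^/]+)$",
    re.IGNORECASE,
)

def parse_arm_id(resource_id):
    """Split an ARM resource ID into lower-cased sub, rg, type and name."""
    m = _ARM_ID.match(resource_id.strip())
    if not m:
        raise ValueError(f"not an ARM resource ID: {resource_id!r}")
    return {k: v.lower() for k, v in m.groupdict().items()}

def norm_region(location):
    """'East US' and 'eastus' name the same region; compare the short form."""
    return re.sub(r"[\s_-]+", "", location).lower()

def ade_preflight(vault, vms):
    """Map each VM name to the constraints it violates against this vault."""
    v = parse_arm_id(vault["id"])
    v_region = norm_region(vault["location"])
    findings = {}
    for vm in vms:
        r = parse_arm_id(vm["id"])
        problems = []
        if r["sub"] != v["sub"]:
            problems.append("subscription")
        if norm_region(vm["location"]) != v_region:
            problems.append("region")
        # A different resource group is allowed, so r["rg"] is not compared.
        findings[r["name"]] = problems
    return findings

# Constructed sample inventory (not real resources).
SUB_A = "00000000-0000-0000-0000-00000000000a"
SUB_B = "00000000-0000-0000-0000-00000000000b"
VAULT = {"id": f"/subscriptions/{SUB_A}/resourceGroups/rg-security"
               "/providers/Microsoft.KeyVault/vaults/kv-ade", "location": "eastus"}
VMS = [
    {"id": f"/subscriptions/{SUB_A}/resourceGroups/rg-app"
           "/providers/Microsoft.Compute/virtualMachines/vm-app1", "location": "East US"},
    {"id": f"/subscriptions/{SUB_A}/resourceGroups/rg-dr"
           "/providers/Microsoft.Compute/virtualMachines/vm-dr1", "location": "westus"},
    {"id": f"/subscriptions/{SUB_B}/resourceGroups/rg-app"
           "/providers/Microsoft.Compute/virtualMachines/vm-ext1", "location": "eastus"},
]

if __name__ == "__main__":
    for name, problems in ade_preflight(VAULT, VMS).items():
        print(name, "OK" if not problems else "mismatch: " + ", ".join(problems))
```
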