A Hardware Security Module (HSM) is a crypto appliance for securing encryption keys (and other kinds of secrets). And it's available as a service in Azure, which is really cool. OK, we have to admit that Amazon was first with this kind of service. But Azure Key Vault seems like a smarter implementation with a much nicer price tag.
So how can we use this feature? One example is to store encryption keys. Let's say you have a web server in Azure and a public certificate for that web service. Then you can store the encryption keys in the Key Vault instead of in the file system of the server. Another example is to encrypt a SQL Server using the SQL Server Connector for Key Vault. Or you can simply deploy an encrypted virtual machine with CloudLink SecureVM and store the master key in the Key Vault.
What other nice things are there? The Key Vault uses FIPS 140-2 Level 2 validated HSMs from Thales, and Common Criteria EAL4+ certification is pending for the HSMs, which is really nice. You also get the option to establish vaults in multiple Azure datacenters to make it globally redundant. And it seems possible to sync with an existing, internal HSM farm as well.
So now we are (finally) talking about some really cool Azure functions! And I must admit that I missed that it was in preview, even though I've heard whispers about it for a long time. But if you are into security and encryption you should definitely have a look!