Encryption is a proven means of securing data in the cloud. Secure management of the keys used is essential to effectively protecting data in the cloud. With Key Vault, keys and secret keys such as passwords can be encrypted using keys that are stored in HSMs (hardware security modules). Additional security is ensured if user keys are imported or generated in HSMs that are certified for FIPS 140-2 Level 2 and Common Criteria EAL4+.
This way, the keys do not leave the HSM system. With Key Vault, keys are invisible to Microsoft and cannot be extracted.
Azure Key Vault with Amit Bapat
Introduction to Microsoft Azure Key Vault
Azure208x - Azure Security and Compliance
Encryption and key management with Azure Key Vault
Azure Key Vault
Protect your data using Azure's encryption capabilities and key management