Cryptographic keys and secrets is an essential part of many application today. Customers who use the Cloud for deploying their solutions are more concerned about the security. Azure key vault is a better option for them rather than putting Keys and Secrets in the Applications configuration file. With this online offering, customers can easily import/create, store, and use FIPS 140-2 compliant keys and other secrets in cloud apps and services. In this presentation we share best practices for key management, including segregated access, redundancy, and logging/monitoring.