Exporting keys from SmartKey to Cloud Providers for BYOK - Azure


This topic describes how to export keys from SmartKey to Azure for server-side encryption. You can watch the video or follow these instructions.

Prerequisite: Download SmartKey CLI


Azure Key Vault supports direct import of key material. Generate an exportable AES key in SmartKey and export its value to upload the key to Azure.

  1. Create a 256-bit AES key in SmartKey with the EXPORT key operation enabled.

    $ python sdkms-cli create-key --obj-type AES --key-size 256 --name Azure-Cloud-Master-Key --exportable

  2. Export this key in your application environment.

    $ python sdkms-cli export-object --name Azure-Cloud-Master-Key

    You have to choose to upload your key either as a software or hardware key depending on your requirement.