Here are some best practices for Key Store:
- Remember to grant access at a specified scope; this can be users, groups, or applications.
- Control which users have access.
- Store your certificates in your key vault.
- Ensure you enable soft deletes to recover keys deleted in inadvertent or malicious ways.
However, the following practices should be avoided:
- Make sure that you do not leave orphaned key/secrets in your vault.
Azure Key Vaults have a subscription boundary, meaning you can access them across subscriptions.