I have a key vault located in the US, and I want a copy of that data to exist in the UK (to prevent an outage due to WAN latency, etc.)
How can I add the required scalability and fault tolerance to Azure Key Vault?
Should I use a Microsoft Research product Key Management In Distributed Systems to accomplish this?
Abstract
We developed a cryptographic key management system for distributed networks. Our system handles every aspect of key management, including the key lifecycle, key distribution, access control, and cryptographic algorithm agility. Our software client accesses keys and other metadata stored in a distributed repository. Our system hides all key management tasks from the user; the user specifies a key management policy and our system enforces this policy. Clients perform key management tasks whenever the end user accesses keys to protect or retrieve data; there are no scheduled processes or network listeners. The repository does not need to perform any additional tasks beyond its normal course of operation: storing, servicing, and replicating data. While our system can work with a generic repository, our repository implementation is based on Microsoft Active Directory. Our system prevents data loss even if the underlying repository does not ensure consistency/atomic operations.
*Tagged Active Directory because this solution leverages AD, and perhaps can be ported to Windows Azure AD