[Feature Request - Azure Bastion] Support for Azure Key Vault in IP-based connections #30584
Open
Labels
customer-reported
feature-request
Network - Bastion
Service Attention
Preconditions
Related command
No response
Resource Provider
N/A
Description of Feature or Work Requested
While Azure Key Vault is currently supported for authentication when connecting to Azure VMs through Azure Bastion, its absence in IP-based connections to on-premises servers puts Azure at a competitive disadvantage. Every Privileged Access Management (PAM) solution on the market today includes a credential store feature, allowing for secure, centralized management of access credentials across both cloud and on-premises environments.
By integrating Azure Key Vault into the IP-based connection feature of Azure Bastion for on-premises servers, Microsoft would:
Ensure Consistency: Extend the security benefits and operational efficiencies currently enjoyed for Azure VMs to on-premises servers.
Enhance Hybrid Cloud Security: Bolster the security posture of hybrid environments by providing the same level of credential management and protection for on-premises resources as for cloud resources.
Reduce Credential Management Complexity: By allowing the use of Azure Key Vault for on-premises server connections, organizations would benefit from a single, secure place to manage all their secrets across both cloud and on-premises environments.
Support Zero Trust Models: Further support zero trust security models by ensuring that even connections to on-premises resources through Azure services follow the principle of least privilege and require dynamic authentication.
Improve Compliance: Help organizations meet compliance requirements for secure credential management across their entire IT infrastructure.
Integrating Azure Key Vault with Azure Bastion for on-premises server connections via IP-based connections would not only align Azure with the credential management capabilities of leading PAM solutions but would also enable powerful integration with Azure Privileged Identity Management (PIM). This integration would:
Enable Just-In-Time Access: Users could request access to on-premises servers through PIM, ensuring that credentials are only accessible on a need-to-know basis for a limited time, significantly enhancing security by reducing standing access privileges.
Thank you
Minimum API Version Required
N/A
Swagger PR link / SDK link
N/A
Request Example
No response
Target Date
2025-06-06
PM Contact
N/A
Engineer Contact
N/A
Additional context
No response