Friday Fact: Azure Key Vaults naming size limits and restrictions

Posted: March 7, 2025  |  Categories: Azure

Azure Key Vaults have various naming size limits and restrictions that developers or infra teams must consider when creating Key Vaults, Keys, Secrets, and Certificates. Here’s an overview of the key naming size limits and restrictions.

Azure Key Vault enforces specific naming rules for vaults, keys, secrets, and certificates to ensure security and consistency.

Key Vault name size and restrictions

  • Name length:
    • The minimum length for a Key Vault name is 3 characters.
    • The maximum length for a Key Vault name is 24 characters.
  • Unique name across Azure:
    • When creating an Azure Key Vault, its name must be globally unique across all of Azure because it is used as part of a public DNS endpoint:
      • https://<vault-name>.vault.azure.net/.
    • This means you cannot have two key vaults with the same name across all Azure regions and subscriptions.
  • Allowed Characters:
    • The vault name must contain only alphanumeric characters and dashes (-) and cannot start with a number.
  • Key Vault Name Restrictions:
    • The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens.
    • No uppercase letters, spaces, underscores (_), or other special characters.
      • Note: You can enter uppercase letters, but they will be automatically converted to lowercase.

Key name size and restrictions

  • Name length:
    • The minimum length for a Key name is 1 character.
    • The maximum length for a Key name is 127 characters.
  • Unique inside a Key Vault:
    • Must be unique within the same Key Vault.
    • Different Key Vaults can have the same key names.
  • Allowed Characters:
    • Key names can only contain alphanumeric characters and dashes (-).
  • Key Name Restrictions:
    • No Restrictions.

Secret name size and restrictions

  • Name length:
    • The minimum length for a Secret name is 1 character.
    • The maximum length for a Secret name is 127 characters.
  • Unique inside a Key Vault:
    • Must be unique within the same Key Vault.
    • Different Key Vaults can have the same secret names.
  • Allowed Characters:
    • Secret names can only contain alphanumeric characters and dashes (-).
  • Secret Name Restrictions:
    • No Restrictions.

Certificate name size and restrictions

  • Name length:
    • The minimum length for a Certificate name is 1 character.
    • The maximum length for a Certificate name is 127 characters.
  • Unique inside a Key Vault:
    • Must be unique within the same Key Vault.
    • Different Key Vaults can have the same certificate names.
  • Allowed Characters:
    • Certificate names can only contain alphanumeric characters and dashes (-).
  • Certificate Name Restrictions:
    • No Restrictions.
  • Other restrictions:
    • Certificate Subject value cannot be empty.
    • The Certificate Subject value must be between 1 and 200 characters long.
    • The subject must specify a common name (use “CN=”).
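
The vault, key, secret, certificate, and subject rules listed above, encoded as a check that can run before deployment. This is an added example, not code from the original post or from Microsoft; the function names, messages, and sample names are constructed for illustration, and global uniqueness of a vault name cannot be checked offline, so only clashes inside the planned list are flagged.

```python
import re

# Length limits per artifact type, as listed in this post.
LIMITS = {"vault": (3, 24), "key": (1, 127), "secret": (1, 127), "certificate": (1, 127)}
ALLOWED = re.compile(r"[0-9A-Za-z-]*")            # alphanumerics and dashes only


def check_name(kind, name):
    """Return the rules from the post that `name` breaks (empty list = valid)."""
    low, high = LIMITS[kind]
    problems = []
    if not low <= len(name) <= high:
        problems.append(f"length must be {low}-{high}")
    if not ALLOWED.fullmatch(name):
        problems.append("only alphanumerics and dashes allowed")
    if kind == "vault":                           # extra vault-only restrictions
        if not re.match(r"[A-Za-z]", name):
            problems.append("must begin with a letter")
        if not re.search(r"[0-9A-Za-z]\Z", name):
            problems.append("must end with a letter or digit")
        if "--" in name:
            problems.append("no consecutive hyphens")
    return problems


def check_cert_subject(subject):
    """Certificate subject: 1-200 characters and a common name (CN=)."""
    problems = []
    if not 1 <= len(subject) <= 200:
        problems.append("subject length must be 1-200")
    if "CN=" not in subject:
        problems.append("subject must specify CN=")
    return problems


def lint_vaults(names):
    """Check planned vault names, flagging pairs that clash once lowercased."""
    findings, stored = {}, set()
    for name in names:
        problems = check_name("vault", name)
        if name.lower() in stored:                # uppercase is stored as lowercase
            problems.append("clashes with another planned vault once lowercased")
        stored.add(name.lower())
        if problems:
            findings[name] = problems
    return findings


# Constructed sample input, not taken from any real environment.
SAMPLE = ["prod-api-kv", "Prod-API-kv", "1st-vault", "my--vault-", "kv"]
```

`lint_vaults(SAMPLE)` returns a dictionary keyed by the offending names; `prod-api-kv` is absent from it because it passes every rule.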

Best Practices

  • To be consistent across all artifact names (Key Vault, keys, secrets, and certificates), use the Kebab Case (kebab-case) naming convention.
    • Format: All lowercase letters, with words separated by hyphens (-).
  • Use descriptive names (e.g., app-db-connection, not password).
  • Follow a consistent naming convention (env-service-type, e.g., prod-api-key).
  • Avoid generic names like secret, key, or token.

By adhering to these naming size limits and restrictions, developers and infra teams can ensure that their Azure Key Vault resources are properly created and managed without running into issues related to naming conventions.


Author: Sandro Pereira

Sandro Pereira lives in Portugal and works as a consultant at DevScope. In the past years, he has been working on implementing Integration scenarios both on-premises and cloud for various clients, each with different scenarios from a technical point of view, size, and criticality, using Microsoft Azure, Microsoft BizTalk Server and different technologies like AS2, EDI, RosettaNet, SAP, TIBCO etc. He is a regular blogger, international speaker, and technical reviewer of several BizTalk books all focused on Integration. He is also the author of the book “BizTalk Mapping Patterns & Best Practices”. He has been awarded MVP since 2011 for his contributions to the integration community.
