Skip to content
You are reading Web3Signer development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Using Web3Signer with Azure Key Vault

Web3Signer supports using Azure Key Vault to sign payloads in the following ways:

  • Using Azure Key Vault to perform the signing operation. Supports SECP256K1 signing keys only.
  • Fetching the keys from Azure Key Vault and signing locally.

Web3Signer supports the following authentication modes:


The Azure Active Directory managed identity authentication modes can only be used when fetching keys from Azure Key Vault and signing locally with Web3Signer.

Storing the private key in Azure Key Vault

Register Web3Signer as an application and add a signing key in Azure Key Vault.

Take note of the following to specify when configuring the signing key configuration file or bulk loading Ethereum 2.0 signing keys:

  • Vault name, which is part of the URL (for example https://<vaultname>
  • Client credentials, which can include:

    • Client ID
    • Client secret
    • Tenant ID


      Depending on the authentication mode, not all client credentials will be available.

  • Key name, which is the name of the secret.

Questions or feedback? You can discuss issues and obtain free support on Web3Signer Discord channel.
For paid professional support by Consensys, contact us at [email protected].