A key vault is a software-based service for securely storing and managing cryptographic keys, certificates, and secrets (e.g., API keys, passwords). Cloud providers such as Azure (Azure Key Vault) and AWS (Secrets Manager / KMS) offer these as managed services. The key vault separates key management from application logic and enables centralized access control with audit logging. In your ISMS, a key vault solves the problem of secrets ending up in configuration files or source code. Define which types of secrets are managed in the key vault and set up automatic key rotation where technically possible.