Status: IN
Key Vault provides defense-in-depth for cryptographic key lifecycle: tiered protection levels (software FIPS 140-2 L1 → asymmetric HSM → single-tenant managed HSM with symmetric keys) secure keys at appropriate cryptographic strength, while layered deletion safeguards (soft-delete → purge protection → purge operator role requirement) prevent accidental or malicious key destruction.