What are the limits which are imposed on the maximum number of characters that can be contained within a Secret Name & Secret Value? Asking because what if we have to store large text files full of secret information, will that work?
@blueelvis
Thanks for your feedback! We will investigate and update as appropriate.
There is no exact character limit. It is just based on the size, which is 25k bytes each.
"Key Vault APIs accept and return secret values as strings. Internally, Key Vault stores and manages secrets as sequences of octets (8-bit bytes), with a maximum size of 25k bytes each. The Key Vault service doesn't provide semantics for secrets. It merely accepts the data, encrypts it, stores it, and returns a secret identifier ("id"). The identifier can be used to retrieve the secret at a later time."
Hope this answers your question! Sorry that there isn't a more precise answer. One consideration is that if there was an exact character limit it may be less secure and easier to guess after encryption.
We will now proceed to close this thread. If you have further questions feel free to tag me in the comments or open a new issue and we will gladly continue the discussion.
@MarileeTurscak-MSFT - Thank you for the response. I was looking at the pricing section and in the FAQ, I see the following line -
Secrets are data (under 10 KB) such as passwords or .PFX files that your application can store and retrieve in plaintext. The Key Vault service persists secrets encrypted using an HSM-backed key, and provides an access control layer over them.
Could you please confirm with the PG team which one is indeed true? Or if the pricing docs need an edit?
Thanks!
-Pranav
Is there a way to store secrets which are more than 25Kb?
@sriramarunachalam you could store the secret as a blob while encrypting it via a key encrypted/decrypted from key vault.
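The approach suggested in the comment above is usually called envelope encryption. The sketch below is an added example, not code from the thread or from Microsoft: the payload is encrypted with a one-time AES-256-GCM data key, and only that small key is wrapped with an RSA key. The helper names `seal` and `unseal` are hypothetical, and the locally generated RSA key is an assumption standing in for a key held in Key Vault, where the wrap and unwrap steps would be performed by the service.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypts data under a fresh AES-256-GCM data key, then wraps that key with kek.
# Assumption: kek is a local RSA key standing in for a key that stays in Key Vault.
def seal(kek_public, data)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  dek = cipher.random_key   # 256-bit data key, generated per blob and used once
  nonce = cipher.random_iv  # 96-bit GCM nonce
  ciphertext = cipher.update(data) + cipher.final
  { wrapped_key: kek_public.public_encrypt(dek, OAEP), nonce: nonce,
    tag: cipher.auth_tag, ciphertext: ciphertext }
end

# Unwraps the data key with the private half of kek and decrypts the blob.
# Raises OpenSSL::Cipher::CipherError if ciphertext, nonce or tag were altered.
def unseal(kek_private, env)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = kek_private.private_decrypt(env[:wrapped_key], OAEP)
  cipher.iv = env[:nonce]
  cipher.auth_tag = env[:tag]
  cipher.update(env[:ciphertext]) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  kek = OpenSSL::PKey::RSA.new(2048)
  secret = "line of secret text\n" * 5_000 # constructed 100,000-byte payload
  env = seal(kek.public_key, secret)
  puts "payload: #{secret.bytesize} bytes, wrapped key: #{env[:wrapped_key].bytesize} bytes"
  puts "round trip ok: #{unseal(kek, env) == secret.b}"
end
```

The encrypted blob can be any size because it lives outside the vault; the only secret-sized item left is the wrapped data key, which is 256 bytes for a 2048-bit RSA key.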
Name length, according to https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/add-azurekeyvaultkey?view=azurermps-6.13.0
The name must be a string of 1 through 63 characters in length that contains only 0-9, a-z, A-Z, and - (the dash symbol)