Share via

Can we use Get Random Bytes API with Azure Key Vault Premium Subscription

Battina, Subodh 0 Reputation points
2026-04-09T14:03:56.44+00:00

Can we use Get Random Bytes API with Azure Key Vault Premium Subscription?

This link [https://dori-uw-1.kuma-moon.com/en-us/rest/api/keyvault/keys/get-random-bytes/get-random-bytes?view=rest-keyvault-keys-2025-07-01&tabs=HTTP] says it "Get the requested number of bytes containing random values from a managed HSM." But it looks like Azure Key Vault Premium Subscription does support HSM type of keys, so wanted to get clarification. Thanks !!

For the most part, for our use case "Azure Key Vault Premium Subscription" suits our needs. But we do need to call the "Get Random Bytes API" and it seems to be an overhead to have Azure managed HSM subscription just for this purpose. Thanks !!

Azure Key Vault
Azure Key Vault

An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shubham Sharma 12,525 Reputation points Microsoft External Staff Moderator
    2026-04-09T14:47:45.34+00:00

    Helllo Battina, Subodh

    Thank you for reaching out to Microsoft Q&A.

    It looks like you’re trying to use the Get Random Bytes API against a Premium-tier Key Vault.

    Below is the resolution:-

    • The REST endpoint and client-SDK calls for “Get Random Bytes” are only exposed on Azure Managed HSM resources (i.e. the dedicated HSM offering), not on a standard or Premium Key Vault instance.

    • Even though the Premium Key Vault tier uses HSMs under the covers for your keys, it doesn’t surface the random-bytes endpoint. You’d need to deploy a Managed HSM if you want to call that specific API.

    If you want HSM-grade random numbers and don’t want to stand up a Managed HSM, you’ll need to generate random data client-side (e.g., via your language’s crypto libraries) or look at another Azure service that meets your needs.

    Microsoft docs:

    1. Get Random Bytes REST API (Managed HSM) https://dori-uw-1.kuma-moon.com/en-us/rest/api/keyvault/keys/get-random-bytes/get-random-bytes?view=rest-keyvault-keys-2025-07-01&tabs=HTTP
    2. Get-AzKeyVaultRandomNumber PowerShell Cmdlet https://dori-uw-1.kuma-moon.com/powershell/module/az.keyvault/get-azkeyvaultrandomnumber?view=azps-15.5.0
    3. KeyClient.GetRandomBytes/.GetRandomBytesAsync (.NET SDK) https://dori-uw-1.kuma-moon.com/dotnet/api/azure.security.keyvault.keys.keyclient.getrandombytes?view=azure-dotnet
    4. Azure Key Vault overview & creating a vault https://docs.microsoft.com/azure/key-vault/general/basic-concepts

    Let us know if the above steps works

    Thanks

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.