Creating a KEK

  1. Create a KEK with the key operations set to import. The KEK can be an RSA key of 2048, 3072 or 4096 bits; choose the key length suitable for your use case.

    > az keyvault key create --name "<keyvault_key>" --vault-name "<keyvault>" --kty RSA-HSM --size 2048 --ops import

After the command has executed successfully, note down the key identifier ("kid") from the command output, as it will be used for generating your tenant key.
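
A check that can be run on the saved command output before the kid is used, as an added example that is not part of the original guide. It assumes the JSON printed by the az CLI carries `key.kid`, `key.kty` and `key.keyOps` and that the kid has the form `https://<vault>/keys/<name>/<version>`; the vault, key name and version in the sample are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Constructed sample of the JSON printed by `az keyvault key create`
# (placeholder vault, key name and version; field names are an assumption
# about the CLI output shape).
SAMPLE_OUTPUT = """
{
  "attributes": {"enabled": true},
  "key": {
    "kid": "https://example-vault.vault.azure.net/keys/example-kek/0123456789abcdef0123456789abcdef",
    "kty": "RSA-HSM",
    "keyOps": ["import"]
  }
}
"""


def check_kek(cli_json: str) -> str:
    """Return the kid if the key matches what this step asks for, else raise ValueError."""
    key = json.loads(cli_json).get("key") or {}
    problems = []

    # The KEK must be HSM-backed, as requested with --kty RSA-HSM.
    if key.get("kty") != "RSA-HSM":
        problems.append(f"kty is {key.get('kty')!r}, expected 'RSA-HSM'")

    # The only permitted operation must be import, as requested with --ops import.
    ops = key.get("keyOps") or []
    if ops != ["import"]:
        problems.append(f"keyOps is {ops!r}, expected ['import']")

    # The kid should be a versioned HTTPS key identifier: /keys/<name>/<version>.
    kid = key.get("kid") or ""
    url = urlparse(kid)
    parts = url.path.strip("/").split("/")
    if url.scheme != "https" or len(parts) != 3 or parts[0] != "keys":
        problems.append(f"kid {kid!r} is not a versioned key identifier")

    if problems:
        raise ValueError("; ".join(problems))
    return kid


if __name__ == "__main__":
    print(check_kek(SAMPLE_OUTPUT))
```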