Effective date: February 22, 2026
This Privacy Policy explains how AzVault handles data when you use the application.
AzVault is a local desktop application for browsing and managing Azure Key Vault resources. This policy applies to data handled by the app on your device and during calls to Microsoft Azure services.
AzVault may process:
- Azure account context needed to call Azure APIs (for example: tenant, subscription, and vault metadata)
- Key Vault resource metadata (for example: names, attributes, timestamps, status)
- Secret values only when you explicitly request a reveal/fetch action
- Local audit events generated by your actions in the app
- Local app preferences and session state (for example: selected tenant/subscription/vault, theme, and recent vaults)
AzVault uses Azure CLI authentication only.
- You authenticate outside the app using
az login - AzVault requests short-lived access tokens via Azure CLI
- AzVault does not persist Azure AD refresh tokens
Stored locally by app logic:
- UI/session preferences
- Sanitized/redacted local audit logs
Not stored locally by app logic:
- Secret values
- Azure AD refresh tokens
Retention period for local data depends on your local environment and any manual cleanup you perform.
Data is used only to:
- Authenticate and authorize access through Azure CLI context
- Discover and display Azure Key Vault resources
- Execute user-requested management actions
- Provide local UX features (state persistence, audit history, export)
AzVault does not operate a project-hosted backend service for telemetry or user data collection.
Data is sent to:
- Microsoft Azure endpoints, as required to execute your requested operations
The project does not sell personal data.
AzVault includes controls intended to reduce accidental exposure, including redaction/sanitization in audit flows and validation of Azure-related requests.
No software can guarantee absolute security. You are responsible for securing your local machine, Azure CLI environment, and Azure account permissions.
You can:
- Control authentication state through Azure CLI (
az login,az logout) - Remove local app data from your device
- Limit what actions you perform in the app (for example, avoid revealing secret values unless necessary)
AzVault relies on third-party components and services, including Microsoft Azure and Azure CLI. Their privacy practices are governed by their own policies and terms.
You may use AzVault for any lawful purpose.
AzVault is provided on an "as is" and "as available" basis, without warranties of any kind. To the maximum extent permitted by law, the project maintainers are not responsible or liable for any direct, indirect, incidental, special, consequential, or other damages, losses, or issues arising from or related to your use of the app.
This Privacy Policy may be updated over time. Updates are effective as of the date shown at the top of this document.
For privacy-related questions about this project, contact the maintainers through the project repository.