Merge pull request #6910 from sdgilley/sdg-fix-pr

prmerger-automator[bot] · web-flow · commit 1d897103fb20 · 2025-09-03T16:28:55.000Z
add back changes for key vault
diff --git a/articles/ai-foundry/concepts/architecture.md b/articles/ai-foundry/concepts/architecture.md
@@ -7,7 +7,7 @@ ms.custom:
   - build-2024
   - ignite-2024
 ms.topic: concept-article
-ms.date: 07/22/2025
+ms.date: 09/03/2025
 ms.reviewer: deeikele
 ms.author: sgilley
 author: sdgilley
@@ -79,12 +79,16 @@ Users can optionally connect their own Azure Storage accounts. Foundry tools can
 * **Customer-Managed Key Encryption**:
   By default, Azure services use Microsoft-managed encryption keys to encrypt data in transit and at rest. Data is encrypted and decrypted using FIPS 140-2 compliant 256-bit AES encryption. Encryption and decryption are transparent, meaning encryption and access are managed for you. Your data is secure by default and you don't need to modify your code or applications to take advantage of encryption.
 
-  When using customer-managed keys, your data on Microsoft-managed infrastructure is encrypted using your keys.  
+* **Bring your own Key Vault**:
+  By default, AI Foundry stores all API key-based connection secrets in a managed Azure Key Vault. For users that prefer to manage this themselves, they can connect to their key vault to the Foundry resource. One Azure Key Vault connection will manage all project and resource level connection secrets. Go to learn [how to set up an Azure Key Vault connection to AI Foundry](../how-to/set-up-key-vault-connection.md).
+
+  When using customer-managed keys, your data on Microsoft-managed infrastructure is encrypted using your keys.
+  
   To learn more about data encryption, see [customer-managed keys for encryption with Azure AI Foundry](encryption-keys-portal.md).
 
 ## Next steps
 
 * [Azure AI Foundry rollout across my organization](planning.md)
 * [Customer-managed keys for encryption with Azure AI Foundry](encryption-keys-portal.md)
 * [How to configure a private link for Azure AI Foundry](../how-to/configure-private-link.md)
-* [Bring-your-own resources with the Agent service](../agents/how-to/use-your-own-resources.md)
+* [Bring-your-own resources with the Agent service](../agents/how-to/use-your-own-resources.md)
diff --git a/articles/ai-foundry/how-to/connections-add.md b/articles/ai-foundry/how-to/connections-add.md
@@ -59,6 +59,7 @@ Here's a table of some of the available connection types in Azure AI Foundry por
 | Custom                        |         |                                        | Custom connections allow you to securely store and access keys while storing related properties, such as targets and versions. Custom connections are useful when you have many targets or cases where you wouldn't need a credential to access. LangChain scenarios are a good example where you would use custom service connections. Custom connections don't manage authentication, so you have to manage authentication on your own. |
 | Serverless Model              |    ✅    |                                        | Serverless Model connections allow you to serverless API deployment.                                                                                                                     |
 | Azure Databricks              |    ✅    |                                        | Azure Databricks connector allows you to connect your Azure AI Foundry Agents to Azure Databricks to access workflows and Genie Spaces during runtime. It supports three connection types - __Jobs__, __Genie__, and __Other__. You can pick the Job or Genie space you want associated with this connection while setting up the connection in the Foundry UI. You can also use the Other connection type and allow your agent to access workspace operations in Azure Databricks. Authentication is handled through Microsoft Entra ID for users or service principals. For examples of using this connector, see [Jobs](https://github.com/Azure-Samples/AI-Foundry-Connections/blob/main/src/samples/python/sample_agent_adb_job.py) and [Genie](https://github.com/Azure-Samples/AI-Foundry-Connections/blob/main/src/samples/python/sample_agent_adb_genie.py). Note: Usage of this connection is available only via the Foundry SDK in code and is integrated into agents as a FunctionTool (please see the samples above for details). Usage of this connection in AI Foundry Playground is currently not supported.|
+| Azure Key Vault| ✅ | | Azure service for securely storing and accessing secrets. AI Foundry stores connections details in a managed Azure Key Vault if no Key Vault connection is created. Users that prefer to manage their secrets themselves can bring their own Azure Key Vault via a connection. (See [limitations](#limits)) |
 
 ## Agent knowledge tool connections
 
@@ -167,4 +168,4 @@ For more on how to set private endpoints to your connected resources, see the fo
 ## Related content
 
 - [How to create vector indexes](../how-to/index-add.md)
-- [How to configure a managed network](configure-managed-network.md)
+- [How to configure a managed network](configure-managed-network.md)
