Keyvault lessons learned:

• Once you import a key (not a secret) to keyvault, you can’t download the private key - only the public. In order to stash the private key in a recoverable manner, send it up to a secret. One suggestion is sending passphrase and private key as separate secrets.

• Everything encrypted to FIPS 140-2 Level 1