Hi @e37c27bb-72ed-40f5-9768-79a13c83f7a2,
You can definitely use Key Vault with non-Azure VMs. (I'm not sure what type of VM you are referring to, so the instructions may vary based on that.)
The sample "Use Application ID and X.509 certificate for non-Azure-hosted apps" shows how to authenticate to a key vault when the app is hosted outside of Azure.
This Stack Overflow post also gives a great description of how you can use Azure Key Vault to secure keys for an app running in AWS:
```java
// sample pseudocode for accessing Key Vault
// extend KeyVaultCredentials class and override doAuthenticate method.
// create a configuration object
Configuration config = KeyVaultConfiguration.configure(null, keyVaultCredentials);
KeyVaultClient myclient = KeyVaultClientService.create(config);
// encrypt
myclient.encryptAsync(...)
// decrypt
myclient.decryptAsync(...)
```
Azure KeyVault has client libraries you can use to interact with KeyVault from your application. You should be able to access the Key Vault services from anywhere if you have valid credentials. For instance, there are the client libraries to interact with KeyVault Secrets in .NET, Java, Python and TypeScript. https://video2.skills-academy.com/en-us/azure/key-vault/general/developers-guide
Here is how you can retrieve a secret from KeyVault using .NET:
```csharp
using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
// Create the client to interact with the service.
var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
// Fetch the secret named "mySecret" and print its value.
KeyVaultSecret secretWithValue = await client.GetSecretAsync("mySecret");
Console.WriteLine(secretWithValue.Value);
```
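
The two pieces above combined, as an added example that is not part of the original answer or of Microsoft's sample: a VM outside Azure typically has no managed identity for `DefaultAzureCredential` to pick up, so this version authenticates with the Application ID and an X.509 certificate through `ClientCertificateCredential`. It assumes the certificate (with its private key) is installed in the CurrentUser\My store; `KV_CLIENT_CERT_THUMBPRINT` is a hypothetical variable name.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Fail fast when a required setting is missing instead of passing null to the SDK.
static string Require(string name) =>
    Environment.GetEnvironmentVariable(name)
    ?? throw new InvalidOperationException($"Environment variable {name} is not set.");

// Load the app registration's certificate from the current user's store by thumbprint.
static X509Certificate2 LoadCertificate(string thumbprint)
{
    using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
    if (matches.Count == 0)
        throw new InvalidOperationException("No certificate with that thumbprint in CurrentUser\\My.");
    X509Certificate2 cert = matches[0];
    if (!cert.HasPrivateKey)
        throw new InvalidOperationException("Certificate has no private key; it cannot sign the token request.");
    if (DateTime.Now > cert.NotAfter)
        throw new InvalidOperationException($"Certificate expired on {cert.NotAfter:u}.");
    return cert;
}

string keyVaultUrl = Require("AZURE_KEYVAULT_URL");
string tenantId = Require("AZURE_TENANT_ID");
string clientId = Require("AZURE_CLIENT_ID");             // the Application ID
string thumbprint = Require("KV_CLIENT_CERT_THUMBPRINT"); // hypothetical variable name

var credential = new ClientCertificateCredential(tenantId, clientId, LoadCertificate(thumbprint));
var client = new SecretClient(new Uri(keyVaultUrl), credential);

try
{
    KeyVaultSecret secret = await client.GetSecretAsync("mySecret");
    // Log metadata only; keep the secret value out of console and log output.
    Console.WriteLine($"Retrieved '{secret.Name}' ({secret.Value.Length} characters).");
}
catch (AuthenticationFailedException ex)
{
    Console.Error.WriteLine($"Microsoft Entra ID rejected the certificate credential: {ex.Message}");
}
catch (RequestFailedException ex) when (ex.Status == 403)
{
    Console.Error.WriteLine("Authenticated, but the application has no permission to read secrets in this vault.");
}
```

A 403 here means the token was issued but the application still needs a Key Vault access policy or RBAC role that allows reading secrets.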