Which Azure service should you use to store certificates?
Azure Key Vault enables Microsoft Azure applications and users to store and use several types of secret/key data:
Cryptographic keys: Supports multiple key types and algorithms, and enables the use of Hardware Security Modules (HSM) for high value keys.
Secrets: Provides secure storage of secrets, such as passwords and database connection strings.
Certificates: Supports certificates, which are built on top of keys and secrets and add an automated renewal feature.
Azure Storage: Can manage keys of an Azure Storage account for you. Internally, Key Vault can list (sync) keys with an Azure Storage Account, and regenerate (rotate) the keys periodically.