I'm using the Java library to access an Azure Key Vault, and looking at com.azure.security.keyvault.keys.cryptography.CryptographyClient, it takes an EncryptionAlgorithm that seems to be able to use symmetric keys. However, you cannot store symmetric keys in Azure Key Vault, which then makes me wonder: How do you use, for example, the EncryptionAlgorithm.A256CBC_HS512?
The only thing I can imagine is to use a jsonWebKey directly as a keyIdentifier (as opposed to using the identifier) and then encrypt the message. So, I need to store a jsonWebKey (AES key) as a secret in the vault, retrieve the secret and then use it to encrypt. This does not feel secure though, since the AES key will then be sent over the Internet (even though it is over HTTPS).
So, what is the recommended (secure) process of encrypting a message with a symmetric key using Azure Key Vault?