The RSAKeyVaultProvider enables you to use secrets and certificates stored in an Azure Key Vault for performing signing and decryption operations. (Encrypt and verify can be done locally with the public key material.) The type derives from RSA so can be used anywhere an AsymmetricAlgorithm can be, including with SignedXml types. To run these tests, you'll need to import a code signing certificate into an Azure Key Vault. You can do this by importing the PFX for certs you already have, or, the harder way, by generating a CSR in the HSM and using that for an EV Code Signing certificate. You will also need to create a new RSA key using Add-AzureKeyVaultKey or the UI mentioned below. Use the key name as the azureKeyVaultKeyName in the config and the certificate name as the azureKeyVaultCertificateName.