Why can't I distribute keys to Azure Key Vault?
After you create a key in Hyper Protect Crypto Services with Unified Key Orchestrator and try to distribute it to an external keystore of type Azure Key Vault, the distribution fails. Or the distribution appears to succeed, but the key is not listed in the connected Key Vault instance in the Azure cloud and cannot be used for encryption.
The key named EKMF-BYOK-KEK-FOR-IMPORT was most likely deleted, accidentally or otherwise, from the Azure Key Vault instance that you connected. Unified Key Orchestrator delivers keys to Azure through the Azure bring-your-own-key (BYOK) import path, which needs a key-encryption key (KEK) in the target vault. You can distribute keys to your Azure Key Vault only while a key named EKMF-BYOK-KEK-FOR-IMPORT exists in that instance. By default, this KEK is created automatically when you first connect to your Azure Key Vault instance, so it is present unless someone removed it.
Re-create the key from the Azure Key Vault UI with the following settings. Then, from the Hyper Protect Crypto Services UI, activate the keys that you created and distribute them to the keystore again. For detailed instructions, see Editing key details with the UI.
| Parameter | Value |
|---|---|
| Options | Generate Key Encryption Key for Importing HSM-protected Keys |
| Name | EKMF-BYOK-KEK-FOR-IMPORT |
| Key type | RSA-HSM |
| Enabled | Yes |
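The same repair can be scripted with the Azure CLI, which is useful when you need to confirm that the KEK really has the settings from the table before retrying the distribution. The script below is an added example written for this page; it is not IBM's or Microsoft's code. It assumes the Azure CLI (`az`) is installed and logged in with permission to create keys, that `VAULT_NAME` is a placeholder for your Key Vault name, and that the JSON printed by `az keyvault key show` has the field layout shown in the constructed sample (`name`, `key.kty`, `key.keyOps`, `attributes.enabled`).

```shell
#!/bin/sh
# Added example (not from the IBM documentation): recreate the BYOK
# key-encryption key that Unified Key Orchestrator needs in the target
# Azure Key Vault using the Azure CLI, then verify its properties.
# Assumptions: `az` is installed and logged in with rights to create keys;
# VAULT_NAME is a placeholder for your vault; the JSON shape below follows
# the Azure CLI output but is a constructed sample.
set -eu

KEK_NAME="EKMF-BYOK-KEK-FOR-IMPORT"

# Prints the az command that creates the KEK with the settings from the
# table: RSA-HSM key type and the "import" key operation, which is the CLI
# equivalent of "Generate Key Encryption Key for Importing HSM-protected
# Keys". RSA-HSM keys require a Premium-tier Key Vault.
kek_create_cmd() {
  printf 'az keyvault key create --vault-name %s --name %s --kty RSA-HSM --ops import' "$1" "$KEK_NAME"
}

# Checks the JSON printed by `az keyvault key show` for the properties the
# KEK must have. Returns 0 when every check passes, 1 with a reason on stderr
# otherwise. Plain grep is used so the check runs anywhere a POSIX shell does.
kek_json_ok() {
  json="$1"
  printf '%s' "$json" | grep -Eq "\"name\": *\"$KEK_NAME\"" \
    || { echo "key is not named $KEK_NAME" >&2; return 1; }
  printf '%s' "$json" | grep -Eq '"kty": *"RSA-HSM"' \
    || { echo "key type is not RSA-HSM" >&2; return 1; }
  printf '%s' "$json" | grep -Eq '"enabled": *true' \
    || { echo "key is not enabled" >&2; return 1; }
  printf '%s' "$json" | grep -q '"import"' \
    || { echo "key does not allow the import operation" >&2; return 1; }
  return 0
}

# Constructed sample of `az keyvault key show` output for a correct KEK,
# trimmed to the fields that matter.
SAMPLE_OK='{
  "attributes": { "enabled": true },
  "key": {
    "keyOps": [ "import" ],
    "kid": "https://example-vault.vault.azure.net/keys/EKMF-BYOK-KEK-FOR-IMPORT/0123",
    "kty": "RSA-HSM"
  },
  "name": "EKMF-BYOK-KEK-FOR-IMPORT"
}'

# Constructed sample of a key that was re-created with the wrong key type
# (software-protected RSA instead of RSA-HSM); the check must reject it.
SAMPLE_WRONG_TYPE='{ "attributes": { "enabled": true }, "key": { "keyOps": [ "import" ], "kty": "RSA" }, "name": "EKMF-BYOK-KEK-FOR-IMPORT" }'

# Stand-alone usage: print the create command and run the check on the sample.
if [ "${1:-}" = "--demo" ]; then
  kek_create_cmd "VAULT_NAME"; echo
  kek_json_ok "$SAMPLE_OK" && echo "sample KEK: OK"
fi
# Against a real vault, after running the printed create command:
#   kek_json_ok "$(az keyvault key show --vault-name VAULT_NAME --name "$KEK_NAME")"
```

If soft delete is enabled on the vault, which is the default, a deleted EKMF-BYOK-KEK-FOR-IMPORT still occupies its name, and creating a new key with that name fails with a conflict until the old one is either recovered (`az keyvault key recover --vault-name VAULT_NAME --name EKMF-BYOK-KEK-FOR-IMPORT`) or purged. Recovering the original KEK is the simpler path when it is still within the retention period. Once the check passes, return to the Hyper Protect Crypto Services UI and distribute the keys again.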