diff --git a/terraform/azure/key_vault.tf b/terraform/azure/key_vault.tf
index 7f2be4a6d7..19369e9833 100644
--- a/terraform/azure/key_vault.tf
+++ b/terraform/azure/key_vault.tf
@@ -33,7 +33,7 @@ resource "azurerm_key_vault" "example" {
 resource "azurerm_key_vault_key" "generated" {
   name         = "terragoat-generated-certificate-${var.environment}"
   key_vault_id = azurerm_key_vault.example.id
-  key_type     = "RSA"
+  key_type     = "RSA-HSM"
   key_size     = 2048
   key_opts = [
     "decrypt",