diff --git a/kms/apiv1/options.go b/kms/apiv1/options.go
index 37c1fd4c..1faf3e7e 100644
--- a/kms/apiv1/options.go
+++ b/kms/apiv1/options.go
@@ -29,6 +29,12 @@ type CertificateManager interface {
 StoreCertificate(req *StoreCertificateRequest) error
 }
 
+// ValidateName is an interface that KeyManager can implement to validate a
+// given name or URI.
+type NameValidator interface {
+ ValidateName(s string) error
+}
+
 // ErrNotImplemented is the type of error returned if an operation is not
 // implemented.
 type ErrNotImplemented struct {
diff --git a/kms/azurekms/key_vault.go b/kms/azurekms/key_vault.go
index 4a927d4f..5bd31d30 100644
--- a/kms/azurekms/key_vault.go
+++ b/kms/azurekms/key_vault.go
@@ -268,3 +268,9 @@ func (k *KeyVault) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer,
 func (k *KeyVault) Close() error {
 return nil
 }
+
+// ValidateName validates that the given string is a valid URI.
+func (k *KeyVault) ValidateName(s string) error {
+ _, _, _, _, err := parseKeyName(s)
+ return err
+}
diff --git a/kms/azurekms/key_vault_test.go b/kms/azurekms/key_vault_test.go
index 0f6d7e0e..1f26e1ef 100644
--- a/kms/azurekms/key_vault_test.go
+++ b/kms/azurekms/key_vault_test.go
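Review bot: The doc comment on the new interface starts with `ValidateName` while the declared type is `NameValidator`; Go doc comments (and staticcheck ST1021) expect the comment to open with the type name, so it should read `// NameValidator is an interface that a KeyManager can implement to validate a` followed by `// given name or URI.` What counts as a valid name is left to each implementation, so a second sentence such as `// The accepted forms are implementation specific.` would make the contract explicit for callers that gate on the returned error.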
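Review bot: The doc comment on the added `ValidateName` undersells what is checked: per the test tables in key_vault_test.go and utils_test.go, `parseKeyName` rejects a missing `azurekms:` scheme, a missing or empty `name`, a missing or empty `vault`, and the empty string, so "a valid URI" should read `// ValidateName validates that the given string is a well-formed azurekms key URI with the required name and vault parameters.` The method exists to satisfy the `NameValidator` interface added in kms/apiv1/options.go; a compile-time check `var _ apiv1.NameValidator = (*KeyVault)(nil)` next to it would catch signature drift, and `apiv1` is already imported in this file as the `CreateSigner` signature in the hunk context shows.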
@@ -552,3 +552,30 @@ func Test_keyType_KeyType(t *testing.T) {
 })
 }
 }
+
+func TestKeyVault_ValidateName(t *testing.T) {
+ type args struct {
+ s string
+ }
+ tests := []struct {
+ name string
+ args args
+ wantErr bool
+ }{
+ {"ok", args{"azurekms:name=my-key;vault=my-vault"}, false},
+ {"ok hsm", args{"azurekms:name=my-key;vault=my-vault?hsm=true"}, false},
+ {"fail scheme", args{"azure:name=my-key;vault=my-vault"}, true},
+ {"fail parse uri", args{"azurekms:name=%ZZ;vault=my-vault"}, true},
+ {"fail no name", args{"azurekms:vault=my-vault"}, true},
+ {"fail no vault", args{"azurekms:name=my-key"}, true},
+ {"fail empty", args{""}, true},
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ k := &KeyVault{}
+ if err := k.ValidateName(tt.args.s); (err != nil) != tt.wantErr {
+ t.Errorf("KeyVault.ValidateName() error = %v, wantErr %v", err, tt.wantErr)
+ }
+ })
+ }
+}
diff --git a/kms/azurekms/utils_test.go b/kms/azurekms/utils_test.go
index 03d3f6e2..000a9d6b 100644
--- a/kms/azurekms/utils_test.go
+++ b/kms/azurekms/utils_test.go
@@ -65,6 +65,7 @@ func Test_parseKeyName(t *testing.T) {
 {"fail empty name", args{"azurekms:name=;vault=my-vault"}, "", "", "", false, true},
 {"fail no vault", args{"azurekms:name=my-key"}, "", "", "", false, true},
 {"fail empty vault", args{"azurekms:name=my-key;vault="}, "", "", "", false, true},
+ {"fail empty", args{""}, "", "", "", false, true},
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
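Review bot: The single-field `args` struct in `TestKeyVault_ValidateName` adds a level of indirection that carries no information; declaring the input directly in the table as `s string` and writing the cases as `{"ok", "azurekms:name=my-key;vault=my-vault", false}` with `k.ValidateName(tt.s)` reads more plainly. The cases themselves cover the scheme, name, vault, percent-encoding and empty-input failures that `Test_parseKeyName` also exercises, so the behaviour coverage is fine as is.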