Key Management in Windows Azure

You'll see from my comment in that first link that I agree with your concerns. :)

Azure has no secure way of storing keys other than it's own Certificate Storage. Here is an article on using this method:

Field Note: Using Certificate-Based Encryption in Windows Azure Applications

You'll notice I've also commented on that article's shortcomings too, linking to this question:

Read azure ServiceConfiguration file's certificate section using c#

An example of using Azure's built in certificate storage to encrypt AES keys (avoiding the RSA restrictions on encrypted data length, while keeping the AES key secure) can be found in this project:

Codeplex: Azure Table Encryption via Attribute

The SymmetricKeyHelper class in the EncryptDecrypt project is of particular interest.

Kudos to @breischl for mentioning it, and for his contributions to the project.

The Azure Key vault service that has been released recently might be a perfect fit for the problem. This has been introduced so that keys can be managed in a central place and access can be easily controlled. It also supports HSM-backed service making it very secure.

Here is a artice on Getting Started with Azure Key Vault

For future Googlers - I've implemented the solution that Stuart Pegg describes above, but decoupled from Azure Tables.

See https://www.fasterweb.io/Blog/two-way-encryption-for-azure-web-roles for a writeup, or https://gist.github.com/strommen/20905504949072fe5e16 for just the code.