Adding an Azure Key Vault Server


You can add or modify a Microsoft Azure Key Vault server from the CommCell Console.

Before You Begin

  • Verify that the Commvault Tomcat service is running. For more information, see Managing Commvault Services.

  • Obtain the certificate that establishes trust with the Key Vault. The key length of the certificate should be a minimum of 2,048 bits.

    For more information about Key Vault certificates, go to Getting started with Key Vault certificates on the Microsoft Azure documentation website.

  • Verify that the Azure user account has the User Access Administrator role on the resource.


  1. From the CommCell Console ribbon, on the Home tab, click Control Panel.

    The Control Panel window appears.

  2. Under Storage, click Key Management Servers.

    The Encryption Key Management Servers dialog box appears.

  3. Click Add, and then select Azure Key Vault.

    The Add Azure Key Vault dialog box appears.

  4. Complete the following steps:

    • Name: Enter the name of the key provider.

    • Encryption key length: Select the key length to use with the Advanced Encryption Standard (AES) cipher.

    • Encryption Type: Select the encryption type.

    • Key vault name: Enter the name of the Azure Key Vault.

    • Tenant ID: Enter the tenant ID for the Azure account.

    • Application ID: Enter the application ID for the tenant.

    • Certificate: Select the location of the certificate.

      For example, select C:\Certificates\client.pfx.

    • Certificate thumbprint: Enter the thumbprint for the certificate.

    • Certificate password: Enter the certificate password.

    • Environment: Select the Azure cloud environment to use.

  5. Click Save.


The Key Vault server appears in the Encryption Key Management Servers dialog box. The name of the server is the application name.