Managing Service Principal for an Azure Key Vault Key Management Server

The Commvault software needs a service principal in Azure Active Directory to connect to an Azure Key Vault key management service (KMS) server. You can use the CVConfigureAzureAppForKeyVault tool to create the service principal in Azure Active Directory and assign the appropriate roles for access to the Azure Key Vault KMS server. You can also use the tool to renew the credentials of an existing service principal.

Alternatively, you can use the Azure portal to create the service principal. For more information, see Create a service principal using the Azure portal.

Requirements

  • Run the tool on any computer that has PowerShell.

    • Windows PowerShell 5.1 or later (7.x is recommended)

    • Azure Az PowerShell 7.x.x or later (the script automatically installs the Az module if it is not present)

  • The computer must have .NET Framework 4.7.2 or later.

  • Ensure that the PowerShell execution policy is set to "unrestricted" to run the scripts.

    You can run the following command to set the execution policy to "unrestricted".

    Set-ExecutionPolicy -ExecutionPolicy Unrestricted

  • The Azure user who runs the tool must have the following roles on the key vault: Contributor and User Access Administrator.
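
The requirements above can be verified before the tool is run. The following pre-flight script is an added example, not part of the Commvault tool; the vault name and sign-in name are placeholders, and the .NET check assumes the Microsoft-documented Release registry value (461808 or higher indicates 4.7.2 or later).

```powershell
# Added pre-flight check (not Commvault code).
# $VaultName and $SignInName are placeholders; pass your own values.
param(
    [string]$VaultName  = 'example-kv',         # hypothetical key vault name
    [string]$SignInName = 'admin@example.com'   # hypothetical Azure user
)

$results = [ordered]@{}

# Windows PowerShell 5.1 or later
$v = $PSVersionTable.PSVersion
$results['PowerShell >= 5.1'] = ($v.Major -gt 5) -or ($v.Major -eq 5 -and $v.Minor -ge 1)

# Az module 7.x.x or later (the tool installs it when it is missing)
$az = Get-Module -ListAvailable -Name Az |
    Sort-Object Version -Descending | Select-Object -First 1
$results['Az module >= 7.0'] = [bool]($az -and $az.Version -ge [version]'7.0')

# .NET Framework 4.7.2 or later: Release value of 461808 or higher
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
    -Name Release -ErrorAction SilentlyContinue
$results['.NET Framework >= 4.7.2'] = [bool]($ndp -and $ndp.Release -ge 461808)

# Effective execution policy for this session
$results['Execution policy Unrestricted'] = (Get-ExecutionPolicy) -eq 'Unrestricted'

# Roles assigned to the user at the key vault scope or inherited from a parent
# scope. Assignments received through group membership are not expanded here.
if ($az) {
    if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }
    $vault = Get-AzKeyVault -VaultName $VaultName
    $roles = (Get-AzRoleAssignment -Scope $vault.ResourceId `
        -SignInName $SignInName).RoleDefinitionName
    foreach ($r in 'Contributor', 'User Access Administrator') {
        $results["Role: $r"] = $roles -contains $r
    }
}

# One line per requirement: OK or MISSING
$results.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
```

If the execution policy check reports MISSING, adding -Scope Process to the Set-ExecutionPolicy command applies the Unrestricted setting to the current PowerShell session only, leaving the machine-wide policy unchanged.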
