The service principal credentials (certificate) have a limited validity period (1 or 2 years). Set a new certificate when the expiry date approaches. You can use the CVConfigureAzureAppForKeyVault tool to update the service principal.
When you run the script, it performs the following steps in sequence:
- Generates a new certificate.
- Uploads the certificate to Azure.
- Assigns the Key Vault Administrator role on the Azure Key Vault.
- Sets an access policy on the Key Vault that grants the following permissions to the keys, if any of them are missing: unwrapKey, get, create, update and delete.
Procedure
- Download the CVConfigureAzureAppForKeyVault tool from Commvault Store.
- Execute the following command:
  CVConfigureAzureAppForKeyVault.ps1 -SubscriptionId -KeyVaultName -ApplicationId
  where:
  - SubscriptionId is the subscription ID of the Azure account.
  - KeyVaultName is the name of the Azure Key Vault.
  - ApplicationId is the existing application ID. You can get this from the key management server properties in Command Center or CommCell Console.
- The tool provides the following information in the output: TenantId, ApplicationId, certificate file path, thumbprint and password. Note this information.
Note
If the CommServe is on Service Pack 20 or an earlier version of Commvault, you can use the thumbprint marked with 11.20 or below.
What to Do Next
- Copy the certificate to the CommServe computer and note down the certificate file path on the CommServe.
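After copying the file, you can confirm that it opens with the noted password, still carries its private key, matches the thumbprint the tool reported, and is not close to expiry. The following PowerShell is an added example, not part of the Commvault tool; the function name, its parameters and the 30-day threshold are hypothetical. It assumes the certificate file is a password-protected PKCS#12 (.pfx) file and that the expected thumbprint is the hexadecimal SHA-1 form that Windows displays.

```powershell
# Added example (not Commvault code). Names and defaults are hypothetical.
function Test-ServicePrincipalCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $Path,
        [Parameter(Mandatory)] [securestring] $Password,
        [string] $ExpectedThumbprint,   # assumed hex SHA-1, as noted from the tool output
        [int]    $WarnDays = 30         # assumed renewal window
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Certificate file not found: $Path"
    }
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Throws a CryptographicException if the password is wrong or the file is damaged.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $Password)
    try {
        $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

        # Compare thumbprints only when one was supplied; ignore spaces, colons and case.
        $matches = $null
        if ($ExpectedThumbprint) {
            $normalized = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
            $matches = ($normalized -eq $cert.Thumbprint)
        }

        [pscustomobject]@{
            Subject           = $cert.Subject
            Thumbprint        = $cert.Thumbprint
            ThumbprintMatches = $matches
            HasPrivateKey     = $cert.HasPrivateKey   # must be True for the service principal to authenticate
            NotAfter          = $cert.NotAfter
            DaysRemaining     = $daysLeft
            NeedsRenewal      = ($daysLeft -le $WarnDays)
        }
    }
    finally {
        $cert.Dispose()
    }
}

# Usage (path and thumbprint are placeholders; the password is prompted, not stored in the script):
#   $pw = Read-Host -Prompt 'Certificate password' -AsSecureString
#   Test-ServicePrincipalCertificate -Path '<certificate file path on the CommServe>' `
#       -Password $pw -ExpectedThumbprint '<thumbprint from the tool output>'
```

Running the same check on a schedule with a larger `-WarnDays` value gives advance notice before the 1 or 2 year expiry is reached.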