To give Commvault access to VMs that are encrypted with Azure Key Vault, you can use a Commvault-provided custom role or an access policy, but access policies are less secure and are considered by Microsoft to be a legacy authorization system.
Custom Role
Assign the CVBackupRole-Encryption.json custom role to your Azure Key Vault application.
For instructions to assign roles, see Assign Azure roles using the Azure portal.
Permissions for Access Policy
Instead of using a custom role, you can assign an access policy to the Azure VM or the Azure Key Vault application that functions as your service principal.
For instructions to assign an access policy, see Assign a Key Vault access policy (legacy).
When you assign the access policy, for Key permissions and Secret permissions, select the following permissions:
-
Get
-
Recover
-
Backup
-
Restore
Note
The Commvault software does not support VMs that are encrypted with Azure Key Vault for managing certificates.