Adding an Azure Key Vault

Before You Begin

Obtain Azure Key Vault server information and credentials.

  1. Create a key vault in your Azure subscription.

  2. Register an application in Azure AD, and note down the Application ID and Tenant ID.

  3. Generate an application secret and copy the value.

  4. Assign permissions to the application.

Procedure

  1. From the navigation pane, go to Manage > Security.

    The Security page appears.

  2. Click the Credential vault tile.

    The Manage credentials page appears.

  3. Click the Vault configuration tab, and then click Add from the upper-right corner of the page.

    The Add credential vault dialog box appears.

  4. From the Vendor list, select Azure Key Vault, and then enter the following information:

    1. Name: Enter a unique name for the Azure Key Vault.

    2. Vault URI: Enter the full URI of the Azure Key Vault.

    3. Authentication Type: Select an authentication type, either IAM AD APP or IAM VM Role (Managed Identity).

      Note

      The minimum role required for an IAM AD App or an IAM VM Role (Managed Identity) to access Azure Key Vault secrets is the Key Vault Secrets User role. This role provides the read permissions needed to retrieve secrets from the Key Vault.

    4. If you selected IAM AD APP as the authentication type, enter the following information:

      1. Tenant ID: Enter the tenant ID of the Azure AD tenant (directory) where the application is registered.

      2. Application ID: Enter the application ID of the Azure AD application.

      3. Application secret: Enter the application secret of the Azure AD application.

      4. Environment: Select the Azure cloud environment to use.

      5. Show endpoints: To see the authentication endpoint, move the toggle key to the right.

    5. Access nodes: Displays the default node that can access the Azure Key Vault. You can select other nodes from the list.

    6. Description: Enter a short description for the Azure Key Vault.

  5. Click Save.
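
A pre-flight check for the Vault URI, Environment, Tenant ID and Application ID values before they are saved, given here as an added example that is not part of the product or its documentation. It rejects a Vault URI whose host is not under the Key Vault DNS suffix of the selected cloud, so the application secret is never used against a look-alike or wrong-cloud host. The cloud labels and the endpoint table are assumptions based on Azure's published per-cloud endpoints (the product's Environment list values are not shown on this page).

```python
import re
import uuid
from urllib.parse import urlsplit

# Assumption: Azure's published per-cloud Key Vault DNS suffixes and Azure AD
# login hosts. The keys are illustrative labels, not the product's own
# Environment list values.
CLOUDS = {
    "public": ("vault.azure.net", "login.microsoftonline.com"),
    "usgov": ("vault.usgovcloudapi.net", "login.microsoftonline.us"),
    "china": ("vault.azure.cn", "login.chinacloudapi.cn"),
}
# Vault names: 3-24 chars, letters/digits/hyphens, start with a letter,
# end with a letter or digit, no consecutive hyphens.
VAULT_NAME = re.compile(r"^[a-z](?!.*--)[a-z0-9-]{1,22}[a-z0-9]$")


def _is_guid(value):
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def check_vault_inputs(vault_uri, environment, tenant_id, application_id):
    """Return (problems, authority_url); authority_url is None if any problem."""
    problems = []
    suffix, login_host = CLOUDS[environment]  # KeyError on an unknown label
    try:
        parts = urlsplit(vault_uri)
    except ValueError:
        return ["Vault URI is not a parseable URL"], None
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        problems.append("Vault URI must use https")
    if parts.netloc.lower() != host:
        problems.append("Vault URI must be the bare host: no credentials or port")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("Vault URI must be the vault root, not a secret path")
    name, _, domain = host.partition(".")
    if domain != suffix:
        problems.append(f"host {host!r} is not under {suffix} for {environment}")
    elif not VAULT_NAME.match(name):
        problems.append(f"{name!r} is not a valid vault name")
    if not _is_guid(tenant_id):
        problems.append("Tenant ID is not a GUID")
    if not _is_guid(application_id):
        problems.append("Application ID is not a GUID")
    return problems, (None if problems else f"https://{login_host}/{tenant_id}")
```

The returned authority URL can be compared with what the Show endpoints toggle displays for the selected environment.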
