You can use the CVConfigureAzureAppForKeyVault tool to create a service principal in Azure Active Directory.
The following are the sequence of steps that happen after script execution:
-
Creates a service principal in Azure Active Directory.
-
Assigns Key Vault Administrator role on Azure Key Vault.
-
Sets access policy on Key Vault with the following permissions to the keys - unwrapKey, get, create, update and delete.
Procedure
-
Download the CVConfigureAzureAppForKeyVault tool from Commvault Store.
-
Execute the following command:
CVConfigureAzureAppForKeyVault.ps1 -SubscriptionId -KeyVaultName
where,
-
SubscriptionId is the subscription ID of Azure account.
-
KeyVaultName is the name of the Azure Key Vault.
-
-
The tool provides the following information in the output - TenantId, ApplicationId, Certificate file path, thumbprint and password. Note this information.
Note
If the CommServe is on Service Pack 20 and an earlier version of Commvault, you can use thumbprint marked with 11.20 or below.
What to Do Next
-
Copy the certificate to CommServe computer and note down the certificate file path on the CommServe.