Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

FlexDeploy provides out of box integration with Azure Key Vault to retrieve secrets. FlexDeploy will authenticate using the OAuth 2.0 authentication method.

...

  • Create new App registration in the Azure Portal. You can leave the Redirect URL blank.

  • Create a new Client Secret in the Certificates & secrets section in the created app registration.

    Image Removed

...

  • Copy the secret as this is the last chance you have to do so.

  • Provide the Key Vault Secrets User role to the created app registration in the desired Key Vault's Access policies section (for Vault access policy) or Access control (IAM) section (for Azure role-based access control). 

  • Here are screenshots for IAM setup.

...

Here are the configurations necessary for this store.

...

Property Name

Notes

Example

Vault URL

HTTP URL for Azure Key Vault.

https://mycompany.vault.azure.net

Tenant ID

Azure Tenant ID or Directory ID.

as per your Vault configurations

Client ID

The Application ID of the application registered in the Azure Portal.

as per your Vault configurations

Client Secret

Client Secret generated in Azure Portal.

as per your Vault configurations

Azure Resource

The App ID URI of the target web API.

https://vault.azure.net/

Grant Type

Authentication Credential Grant Type.

client_credentials

API Version

Version of the Azure REST API.

2016-10-01

Now you are ready to create an individual credential to be retrieved from the Key Vault.

...

Azure Key Vault Credential requires input as described below.

Input Name

Notes

Secret Name

Secret name for secret value.

Secret names can also be entered in the format SecretName/Version to retrieve a specific version of the secret.

Here is what the edit credential popup looks like.

...