Skip to content

Key Vault Installation

Tldr

  • Naming Convention: xxx-pwrp-kv
  • SKU (Pricing tier): Standard
  • Soft Delete: True
  • Permission model: Vault access

Create Key Vault

The Key Vault is needed to store secrets that we do not want to store in code or in configurations. You can use an existing key vault or create a new one.

  1. In Azure portal, create a key vault.
  2. Name: Our naming convention for Key Vaults is xxx-pwrp-kv, where xxx is a short code of the client.
  3. Standard pricing tier is good enough.
  4. Soft-delete is fine.

  5. In the Access configuration set Permission model to Vault access policy.

  6. Create an access policy.
  7. The minimum access policy to read secrets is Secret Get, List
    key-vault-create.png
  8. Click Next and select the Principal. The principal is the user or identity that needs access. For example, if an Azure Function needs access to the secret, you need to turn the Identity Management of the Azure Function on, and provide it access here:
    1. search for the Principal ID of the App Identity that was created from us (go back to Azure Function > Identity if you can't find it and copy the ID)
      azure-create-keyvault.png
    2. Create a Secret in the Key vault
      azure-keyvault-generate-secret.png
      Name: e.g. bcdwh-sqlserver-pwd
      Value: The sqlserver password (define one in case you haven't created an SQL Server yet)
      azure-create-secret.png