Azure Key Vault Connector Integration

This article outlines how to retrieve connector details from Azure Key Vault, including instructions on App Registration, creating Key Vault Secrets, assigning roles, and validating the Azure Key Vault connector.

What is Azure Key Vault?

Azure Key Vault provides secure storage and strict access control for sensitive information such as tokens, passwords, certificates, API keys, and other confidential data.

For more information, refer to the Azure Key Vault

Follow the steps below to integrate the OvalEdge application with Azure Key Vault.

  1. App Registration: It authenticates the OvalEdge application to the Azure Key Vault.
  2. Create Key Vault Secrets: It stores the MySQL Database details and ES credentials.
  3. Role Assignment: It grants access to Azure resources and involves creating a role assignment.
  4. Azure Key Vault Connector: It establishes the Azure Key Vault Connector in the OvalEdge application.

App Registration

When you register an application in Azure, you get a unique identifier called a Client ID or Application ID that represents the application.

  1. Log in to the Azure Portal (https://portal.azure.com) with your Azure account credentials.
  2. From the All Services menu, select App Registrations.
  3. Click on the + New registration tab.
  4. Enter a name for your app and click on the Register button.
  5. Once the app is registered, navigate to the Certificates & secrets option and click on the Client secrets tab.
  6. Click on + New client secret. The Add a client secret pop-up window is displayed.
  7. Enter a description for the client secret and select the secret expiry from the drop-down list.
  8. Click on the Add button to generate a new client secret.
  9. Copy the value and store it in a notepad; it is required in the section Azure Key Vault Connector.
  10. Navigate to the Overview tab and copy the Client ID and Tenant ID for your app.

Note: Copy the client secret value and the other app details and store them in a notepad; they are required when validating the Azure Key Vault connector.

Creating Azure Key Vault Secrets

To create Key Vault Secrets in Azure, follow the steps below:

  1. Navigate to Key Vaults.
  2. Click on the + Create tab.
  3. The Create a Key Vault form is displayed.
  4. Select the Resource group from the drop-down list and provide the Key Vault name.
  5. Click on the Review + Create button.
  6. Click on the Create button.
  7. Once the deployment is complete, click on the Go to resource button.
  8. Click on the Secrets option.
  9. Click on the + Generate/Import tab. A Create a Secret page is displayed.
  10. To create the secret, select Upload options as Manual.
  11. Enter the Name as Salesforce-username (assuming you need it for the Salesforce connector).
  12. Enter the Value as the actual username for the connector (for example, Salesforce).
  13. Click on the Create button.

Note: One secret key will be consumed for each parameter. As an example, Salesforce-username can be considered a secret key.

Examples:

Below are a few examples of connectors that can utilize Azure Key Vault to retrieve Azure secrets securely.

Role Assignment

  1. Go to the Azure portal, navigate to Access control (IAM), and select Add Role assignments.
  2. Click the + Add tab. The Add role assignment page is displayed.
  3. Select Privileged administrator roles and click on Contributor.
  4. Click on the Next button to navigate to the Members tab.
  5. Click on + Select members, search for the app registration you created, select it, and then click on the Select button.
  6. Click on the Review + Assign button to display the details of the role assignment.
  7. Select the Review + assign tab, then click on the Review + assign button.
  8. Navigate to the Access policies option and click on the + Create tab.
  9. Set the permissions as follows:
    1. 'Key permissions' as Get,
    2. 'Secret permissions' as Get,
    3. 'Certificate permissions' as Get.
  10. Click on the Next button.
  11. Select the app you created and click on the Next button.
  12. Click on the Review + create tab.
  13. Click on the Create button to complete the role assignment process.
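
A check that the access policy created in steps 8 to 13 grants the app exactly Get on keys, secrets and certificates and nothing more. This is an added example, not part of the OvalEdge procedure; it assumes the vault definition was exported as JSON (for example with `az keyvault show`), that the app is identified by its service principal object ID, and the sample data and the `audit_policy` name are constructed for illustration.

```python
import json

# Permissions the procedure grants in step 9: Get only, for each object type.
EXPECTED = {"keys": {"get"}, "secrets": {"get"}, "certificates": {"get"}}

# Constructed sample in the shape of `az keyvault show` output (all IDs are made up).
SAMPLE_VAULT = json.loads("""
{
  "name": "example-kv",
  "properties": {"accessPolicies": [
    {"objectId": "11111111-1111-1111-1111-111111111111",
     "permissions": {"keys": ["Get"], "secrets": ["Get"], "certificates": ["Get"]}},
    {"objectId": "22222222-2222-2222-2222-222222222222",
     "permissions": {"keys": ["Get"], "secrets": ["Get", "List", "Set"],
                     "certificates": ["Get"], "storage": ["Get"]}}
  ]}
}
""")


def audit_policy(vault, object_id):
    """Return {'missing': {...}, 'extra': {...}} for one principal's access policy."""
    for policy in vault["properties"].get("accessPolicies") or []:
        if policy["objectId"].lower() == object_id.lower():
            break
    else:
        raise LookupError(f"no access policy for {object_id}")
    # Normalise case: exports may spell permissions as "Get" or "get".
    granted = {kind: {p.lower() for p in perms or []}
               for kind, perms in policy.get("permissions", {}).items()}
    kinds = set(EXPECTED) | set(granted)
    missing = {k: sorted(EXPECTED.get(k, set()) - granted.get(k, set())) for k in kinds}
    extra = {k: sorted(granted.get(k, set()) - EXPECTED.get(k, set())) for k in kinds}
    # Drop empty entries so a policy that matches step 9 yields two empty dicts.
    return {"missing": {k: v for k, v in missing.items() if v},
            "extra": {k: v for k, v in extra.items() if v}}
```

An empty `extra` and `missing` means the policy matches step 9; anything listed under `extra` is a permission the connector was not meant to have.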

Azure Key Vault Connector

To set up the Azure Key Vault connector:

  1. Log in to the OvalEdge application.
  2. In the left menu, navigate to the Administration module, and click on Connectors.
  3. Click on the + icon (New Connector). The Add Connector pop-up is displayed.
  4. Select the Azure Key Vault connector.
  5. Enter the mandatory fields of Azure Key Vault such as Connection Name, Client Id, Client Secret, Tenant and Resource, Keyvault URL.
  6. Once the Azure Key Vault connector is successfully validated and saved, it will be available in the Credential Manager dropdown field of other implemented connectors, such as Salesforce.
    Note: The Key Vault Connector can be validated using Bridge. To do so, select the Bridge from the dropdown, which displays all the added bridges. After selecting the Bridge, enter the required connection details, then click on the Validate button to verify them. If the details are validated successfully, the connection is saved.
  7. You can navigate to the Administrator | Connector module to select the Salesforce connector and click on the Credential Manager dropdown to select the AzureKeyVault option.
  8. Once Azure Key Vault is selected, you need to enter a username. For instance, Username is the key vault secret name (Salesforce-username) generated in step 11 of section Creating Azure Key Vault Secrets.
  9. Provide all the mandatory fields and the key vault key in the connection details, then validate and save the connection.
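
How the connector fields from step 5 (Client Id, Client Secret, Tenant, Keyvault URL) and the secret name from step 8 map onto an OAuth 2.0 client-credentials token request and a Key Vault REST call. This is an added example, not OvalEdge code; it assumes the public Azure cloud (`login.microsoftonline.com`, `*.vault.azure.net`), and the function names are hypothetical.

```python
import json
import re
import urllib.parse
import urllib.request

# Key Vault secret names: 1-127 characters, letters, digits and hyphens only.
SECRET_NAME_RE = re.compile(r"^[0-9A-Za-z-]{1,127}$")
VAULT_SCOPE = "https://vault.azure.net/.default"  # assumption: public-cloud Key Vault


def build_token_request(tenant_id, client_id, client_secret):
    """OAuth 2.0 client-credentials request for a Key Vault access token."""
    tenant = urllib.parse.quote(tenant_id, safe="")
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": VAULT_SCOPE,
    }).encode()
    return urllib.request.Request(url, data=body, method="POST")


def build_secret_request(vault_url, secret_name, access_token):
    """GET request for the latest version of one secret."""
    parts = urllib.parse.urlsplit(vault_url)
    host = parts.hostname or ""
    # Refuse plain HTTP or a non-vault host so the bearer token is never sent elsewhere.
    if parts.scheme != "https" or not host.endswith(".vault.azure.net"):
        raise ValueError(f"not a Key Vault URL: {vault_url!r}")
    if not SECRET_NAME_RE.fullmatch(secret_name):
        raise ValueError(f"invalid secret name: {secret_name!r}")
    url = f"https://{host}/secrets/{secret_name}?api-version=7.4"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})


def fetch_secret(tenant_id, client_id, client_secret, vault_url, secret_name):
    """Run both requests against Azure (needs network and a real app registration)."""
    with urllib.request.urlopen(build_token_request(tenant_id, client_id, client_secret)) as r:
        token = json.load(r)["access_token"]
    with urllib.request.urlopen(build_secret_request(vault_url, secret_name, token)) as r:
        return json.load(r)["value"]
```

The name check shows why the secret is called Salesforce-username rather than Salesforce_username: underscores are not valid in Key Vault secret names.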