Add Key Vault Reference Configuration Used by App
Access Permission
Request eligibility msaidataplat on the OSP Portal. We use AAD authentication for external users; when the eligibility is granted, your debug account will be added to the corresponding AAD group.
Request Contributor on DMS-DatacenterManagement.
Torus Command
Request-AzureResourceRoleElevation -Role Contributor -SubscriptionId 8228d12f-ea13-416f-91c7-76afaeb89c83 -Reason "Sentry" -Duration 4
How to Configure a Secret value in Azure Key Vault
Step 1:
Sign in to the Azure Portal with your JIT account, go to the SentryKeyVault action page, and click Access policies to check whether you have permission to manage secrets.
If Access policies has no USER section, or your JIT account is not listed under USER, you do not have permission to manage secrets.
If you do not have permission to manage the secrets, click Add Access Policy.
Select the type to be configured, click None selected, search for your Torus Account in the popup page on the right, select your JIT account from the search results, click the Select button, and finally click the Add button to complete the permission configuration.
Finally, click Save so that the permission configuration takes effect.
Step 2:
After you have permission, click Secrets to list all the existing secrets. Click Generate/Import to add a new secret.
Fill in Name and Value, and click the Create button to create the secret.
How to Reference the Secret from Azure Key Vault in Azure Configuration Environment
Step 1:
Confirm that your Azure Application has permission to access the specific Azure Key Vault.
Step 2:
Find the Configuration in the application where you need to add the secret value. Click New application setting to add a new application setting value.
Fill in Name and Value and click OK. (The SecretUri in Value is the Secret Identifier of the secret that you created in Step 2 of the previous section.)
Step 3:
Finally, click Save to save the configuration.
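The three steps above can also be done with the Az PowerShell module; the script below is an added example, not part of the original procedure or the team's tooling. It assumes the application is an App Service or Function app with a system-assigned managed identity, that the vault uses access policies, and that you are already signed in with Connect-AzAccount; every name in angle brackets is a placeholder.

```powershell
# Added example. All values in angle brackets are placeholders to fill in.
$VaultName     = '<key-vault-name>'
$SecretName    = '<secret-name>'               # the secret created in the Key Vault section
$ResourceGroup = '<app-resource-group>'
$AppName       = '<app-name>'
$SettingName   = '<application-setting-name>'

$app = Get-AzWebApp -ResourceGroupName $ResourceGroup -Name $AppName

# Step 1: confirm the app's identity can read secrets from the vault.
# Assumption: the app authenticates with its system-assigned managed identity.
$principalId = $app.Identity.PrincipalId
if (-not $principalId) {
    throw "App '$AppName' has no system-assigned managed identity."
}
$vault  = Get-AzKeyVault -VaultName $VaultName
$policy = $vault.AccessPolicies | Where-Object { $_.ObjectId -eq $principalId }
if (-not ($policy.PermissionsToSecrets -contains 'get')) {
    throw "Identity $principalId has no 'get' permission on secrets in vault '$VaultName'."
}

# Step 2: build the Key Vault reference from the secret's Secret Identifier.
# Only the identifier is read here; the secret value is never written to the app setting.
$secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName
if (-not $secret) {
    throw "Secret '$SecretName' was not found in vault '$VaultName'."
}
$reference = "@Microsoft.KeyVault(SecretUri=$($secret.Id))"

# Set-AzWebApp -AppSettings replaces the whole settings collection,
# so copy the existing settings first and then add or overwrite the one entry.
$settings = @{}
foreach ($pair in $app.SiteConfig.AppSettings) {
    $settings[$pair.Name] = $pair.Value
}
$settings[$SettingName] = $reference

# Step 3: save the configuration.
Set-AzWebApp -ResourceGroupName $ResourceGroup -Name $AppName -AppSettings $settings | Out-Null
```

The Secret Identifier returned here includes the secret version, so the setting keeps resolving to that version until the reference is updated.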