Azure Key Vault is a cloud service provided by Microsoft Azure designed to safeguard cryptographic keys, secrets, and certificates used by cloud applications and services. It helps organizations securely store and control access to tokens, passwords, API keys, encryption keys, and other sensitive information. You can configure your organization to retrieve sensitive connection credentials from Azure Key Vault instead of directly entering the credentials in the connection properties.
To configure your organization to retrieve secrets from Azure Key Vault, enable secret vault in Administrator, select Azure Key Vault as the secrets manager, and configure the connection properties. Then, you can configure connections to retrieve sensitive credentials from Azure Key Vault.
Azure Key Vault secret names
In Azure Key Vault, secret names can only contain alphanumeric characters and dashes.
For more information about secret names and formats, see the Azure Key Vault documentation.
Azure Key Vault connection properties
If you select Azure Key Vault as your secrets manager, configure connection properties such as the client ID, client secret, and tenant ID.
Configure the following properties:
| Property | Description |
| --- | --- |
| Type | Secrets manager type. Choose Azure Key Vault. |
| Client ID | Application (client) ID that the Secure Agent should use to connect to your key vault. The client ID is the unique application (client) ID assigned to your app by Azure AD when it was registered. Tip: You can find your application (client) ID in your Azure subscription in Azure Active Directory > Enterprise applications > Application (client) ID. The application (client) that you specify must have the Get and List permissions for secrets. |
| Client Secret | Secret string that the Secure Agent uses to prove its identity when requesting access to the key vault. |
| Tenant ID | Azure Active Directory (tenant) ID that should be used for authenticating requests to the key vault. |
| Vault URI | URI of the key vault that stores the connection credentials. |
| Authority Host | URL of the authority host endpoint. If not specified, the global endpoint https://login.microsoftonline.com is used. |
For more information about Azure Key Vault properties, see the Azure documentation.
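The following pre-flight check for the properties and secret names described above is an added example, not code from the product or from Microsoft. The dictionary keys, the list of vault DNS suffixes, the 127-character name limit (from the Azure documentation, not this page), and the assumption that the Secure Agent uses the standard Microsoft identity platform v2.0 token endpoint are all assumptions.

```python
import re
from urllib.parse import urlsplit

DEFAULT_AUTHORITY = "https://login.microsoftonline.com"  # default stated on this page
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
SECRET_NAME = re.compile(r"[0-9A-Za-z-]{1,127}")  # alphanumerics and dashes only
# Assumption: Key Vault DNS suffixes for the global and sovereign clouds.
VAULT_SUFFIXES = (".vault.azure.net", ".vault.azure.cn", ".vault.usgovcloudapi.net")


def check_properties(props):
    """Return a list of problems found in the connection properties."""
    problems = []
    for key in ("client_id", "tenant_id"):
        if not GUID.fullmatch(props.get(key, "")):
            problems.append(f"{key}: not a GUID")
    if not props.get("client_secret"):
        problems.append("client_secret: empty")
    vault = urlsplit(props.get("vault_uri", ""))
    if vault.scheme != "https":
        problems.append("vault_uri: must use https")
    # hostname ignores any userinfo part, so "vault.azure.net@other.host" is caught
    if not (vault.hostname or "").endswith(VAULT_SUFFIXES):
        problems.append("vault_uri: host is not a Key Vault endpoint")
    authority = urlsplit(props.get("authority_host") or DEFAULT_AUTHORITY)
    if authority.scheme != "https" or not authority.hostname:
        problems.append("authority_host: must be an https URL")
    return problems


def check_secret_name(name):
    """True if the name uses only characters Key Vault accepts."""
    return bool(SECRET_NAME.fullmatch(name))


def token_endpoint(props):
    """Token URL the client credentials would be sent to (assumed v2.0 flow)."""
    authority = (props.get("authority_host") or DEFAULT_AUTHORITY).rstrip("/")
    return f"{authority}/{props['tenant_id']}/oauth2/v2.0/token"


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    sample = {"client_id": "11111111-2222-3333-4444-555555555555",
              "tenant_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
              "client_secret": "placeholder",
              "vault_uri": "https://example-vault.vault.azure.net/"}
    print(check_properties(sample), token_endpoint(sample))
    print(check_secret_name("db-prod-password"), check_secret_name("db_prod.password"))
```

Checking the Vault URI host and the Authority Host before saving matters because the client secret and the resulting token are sent to whatever hosts those two properties name.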