Configuring use of Azure Key Vault
This page details how to set up and configure an Azure Key Vault for use with Tessera.
The Microsoft Azure documentation provides much of the information needed to get started. The information in this section has been taken from the Azure documentation.
Creating the vault
Using the portal
- Login to the Azure Portal
Create a resourcefrom the sidebar
- Search for, and select,
- Fill out the necessary fields, including choosing a suitable name and location (the list of possible locations can be found using the Azure CLI, see below), and click
Using the CLI
Login to Azure using the Azure CLI
Create a resource group, choosing a suitable name and location
az group create --name <rg-name> --location <location>
To view a list of possible locations use the command
az account list-locations
Create the Key Vault, choosing a suitable name and location and referencing the resource group created in the previous step
az keyvault create --name <kv-name> --resource-group <rg-name> --location <location>
A Key Vault has now been created that can be used to store secrets.
Configuring the vault to work with Tessera
Azure uses an Active Directory system to grant access to services. It will create an ‘application’ that we will authorise to use the vault. It will provide the credentials created as a result of this to authenticate our Tessera instance to use the key vault.
In order for the vault to be accessible by Tessera, the following steps must be carried out:
- Log in to the Azure Portal
Azure Active Directoryfrom the sidebar
New application registrationand complete the registration process. Make note of the
- Once registered, click
Keys, and create a new key with a suitable name and expiration rule. Once the key has been saved make note of the key value - this is the only opportunity to see this value!
To authorise the newly registered app to use the Key Vault complete the following steps:
All servicesfrom the sidebar and select
- Select the vault
- Search for and select the newly registered application as the
- Enable the
Enabling Tessera to use the vault
If using an Azure Key Vault, Tessera requires two environment variables to be set:
AZURE_CLIENT_SECRET: The application registration
Both of these values can be retrieved during the application registration process as outlined above.
The Azure dependencies are included in the
If using the
azure-key-vault-<version>-all.jar must be added to the classpath.