To use it you need to have (of course) a key vault in Azure.
To be able to access it via this tool you need to have the following:
1. Register your application in Azure to be able to connect (https://portal.azure.com)
To register the connector application open up your Azure portal at https://portal.azure.com. If you have an office 365 package you can login to Azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App registration' and press select. You should see the below screen.
The following attributes you need to copy:
<<Client_Id>>
Specifies the Azure AD client Id of the calling web service. To find the calling application's client ID, in the Azure portal, click Azure Active Directory, click App registrations, click the application. The Client_Id is the Application ID.
<<Tenant_Id>>
Go to Portal.azure.com > Azure Active Directory > Properties. The directory ID it shows there is your Tenant_Id.
<<Client_Secret>>
Enter a key registered for the calling web service or daemon application in Azure AD. To create a key, in the Azure portal, click Azure Active Directory, click App registrations, click the application, click Settings, click Keys, and add a Key. This will be URL encoded when used.
Don't forget to add the permission to the application to be able to access the Microsoft Azure Key Vault.
2. The Actual Key Vault
Create/use your Key Vault in Azure.
<<VaultBaseURL>>
This is also needed, so grab this from the overview-tab and copy it the DNS-name. i.e. https://yourvaultname.vault.azure.net
In AccessPolicies tab make sure you add the in 1. generated application to have access to the Vault. At least Get/List permissions.
In the demo application fill in all the values for you Vault.
3. Create the Vault Mapping in OutSystems
Simply call the Vault_Create action from MicrosoftAzureKeyVault
- Id: Id of the vault record (nullindentifier() for new)- ApplicationId: The id of the application the vault belongs too- VaultName : Unique name of your key vault. Name it wisely, can be different than the actual VaultName, it's for OutSystems internal use.- VaultBaseURL: Full URL of the key vault in azure i.e. hyyps://myvault.vault.azure.net You should have it from step 2- Client_Id, Client_Secret, Tenant_Id you should have gotten from step 1- Resource_Id := https://vault.azure.net- SecondsBeforeTokenRefresh: SecondsBeforeFetchingNewAccessToken - how many seconds before we fetch a new token
When you save your vault entry the OSVault key will be shown. Copy this key. You need it when call the vault actions.
5. Use the actions wisely
The VaultName is the name you have provided in the Vault_Create.The OSVaultSecret is the secret you get when saving the Vault in OutSystemsThe CertificateName, KeyName and SecretNames are the names you have given them in the KeyVault itself.
5. Final remarks
The component is under developments so it could be there are attributes not returned yet because of the enormous variations you could have.
Please let us know if you are missing certain attributes which you need.
Good luck and be safe out there!
In the demo application will in all the values for you Vault.
- Id: Id of the vault record (nullindentifier() for new)
- ApplicationId: The id of the application the vault belongs too
- VaultName : Unique name of your key vault. Name it wisely, can be different than the actual VaultName, it's for OutSystems internal use.
- VaultBaseURL: Full URL of the key vault in azure i.e. hyyps://myvault.vault.azure.net You should have it from step 2
- Client_Id, Client_Secret, Tenant_Id you should have gotten from step 1
- Resource_Id := https://vault.azure.net - SecondsBeforeTokenRefresh: SecondsBeforeFetchingNewAccessToken - how many seconds before we fetch a new token
The VaultName is the name you have provided in the Vault_Create. The OSVaultSecret is the secret you get when saving the Vault in OutSystems
The CertificateName, KeyName and SecretNames are the names you have given them in the KeyVault itself.