Configuring Azure Key Vault Support for EFT
This topic provide a *general* guideline to point you in the right direction to gather the necessary information to Configure the Secrets Module in EFT, which requires the Key Vault URL, Client ID, and Client Secret used to access the Azure Key Vault. This procedure assumes you already have an Azure account. (After you click Create on the Key Vault page (in the procedure below), you can sign in if you have an account, or you can create an account.)
The knowledgebase article EFT Secrets: A Primer describes the various mechanisms used by EFT to protect its secrets and several frequently asked questions.
To configure Azure Key Vault support
Sign in to the Azure portal at https://portal.azure.com and create a vault:
On the Azure portal menu or the Home page, click Create a resource.
In the Search the Marketplace box, type Key Vault., then click Key Vault.
On the Key Vault page, click Create.
On the Create key vault section provide the following information:
Name: A unique name is required.
Subscription: Choose a subscription.
Under Resource Group, click Create new and provide a resource group name.
In the Region pull-down menu, choose a location.
Leave the other options as their defaults.
After providing the information above, click Review and Create, then click Create.
After Your deployment is complete appears, click Go to resource. You Key Vault information is displayed. (Take a screen shot and save it in a secure location.)
NEXT, you will need to create an application Client ID and Client Secret
Under the main menu, click Home. The Azure services page appears.
Click the More services arrow on the right.
Click Azure Active Directory. (If your organization already has an Azure Active Directory account, it will appear here, and you will need administration access to register your application (EFT).)
In the left pane, click App registrations.
Provide a name for the application (for example, eftTest), then click Register.
In the left pane, click Certificates and secrets.
Under Client secrets, click the icon to Copy to clipboard. (You must have permission/ be the application owner to do this.)