Configure Azure Key Vault requirements for initial installation

Before you can integrate the Automation 360 Control Room with the Azure Key Vault, you must configure Azure Key Vault requirements using the Microsoft Azure portal.

Procedure

  1. Sign in to the Microsoft Azure portal.
  2. Create a key vault in Azure.
  3. From the Azure Home page, navigate to Home > selected key vault. Generate or import secrets for the use cases you will be using with the Azure Key Vault.
    For example, if you will be using the bootstrap use case, you should generate a secret that contains the correct database credential that the Control Room will use to authenticate to the database.
  4. Collect the following required Azure values, which must be set as environment variables in the Microsoft operating system of the Control Room server:
    • AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.
    • AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.
    • AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.
  5. After you set the environment variables in Azure, you must then add them to the Server Environment on the Automation 360 Control Room:
    Azure system properties

The Azure Key Vault has a flat namespace with no organizational containers. There is no safe or locker within the Azure Key Vault, and all credentials are stored together in the same container. Credentials are stored in objects that have only a secret name.
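A pre-flight check for steps 4 and 5 and for the flat namespace described above, as an added example that is not part of the Automation 360 product or its documentation. The function names are hypothetical and the sample values are constructed. The checks assume that the client and tenant IDs are GUIDs and that secret names are 1-127 letters, digits and hyphens.

```python
import os
import re
import uuid

REQUIRED = ("AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID")
# Key Vault secret names: 1-127 characters, letters, digits and hyphens only.
SECRET_NAME_RE = re.compile(r"[0-9A-Za-z-]{1,127}")

def is_guid(value):
    """True for the canonical 8-4-4-4-12 hex form the portal displays."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def check_environment(env=None):
    """Return a list of problems; values are never echoed, so output is safe to log."""
    env = os.environ if env is None else env
    problems = []
    for name in REQUIRED:
        value = env.get(name)
        if not value:
            problems.append(f"{name}: not set")
        elif value != value.strip() or value[0] in "\"'":
            problems.append(f"{name}: surrounding whitespace or quotes")
        elif name == "AZURE_CLIENT_SECRET":
            if is_guid(value):  # common slip: copying "Secret ID", not "Value"
                problems.append(f"{name}: looks like a GUID (Secret ID copied?)")
        elif not is_guid(value):
            problems.append(f"{name}: not a GUID")
    return problems

def invalid_secret_names(names):
    """Names that cannot exist in the flat namespace (e.g. 'safe/name' paths)."""
    return [n for n in names if not SECRET_NAME_RE.fullmatch(n)]

if __name__ == "__main__":
    # Constructed sample values, not real identifiers or credentials.
    sample = {
        "AZURE_CLIENT_ID": "11111111-2222-3333-4444-555555555555",
        "AZURE_CLIENT_SECRET": "99999999-8888-7777-6666-555555555555",
    }
    print(check_environment(sample))
    print(invalid_secret_names(["cr-db-credential", "safe1/db-credential"]))
```

Run it on the Control Room server after the variables are set; an empty list from `check_environment()` means the three values are present and well formed, not that the App Registration has been granted access to the vault.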

For RBAC policies and best practices, see What is Azure RBAC?