Azure RBAC (Role-based Access Control)

Edit online
Follow the steps below to create a key vault:
  1. Open the Microsoft Azure portal.
  2. Search for Key vaults, and then click the result to access the Key vaults page.
  3. Click Create. The Create a key vault page appears.
  4. In the Basics tab, provide the basic information for the key vault, and then click the Access configuration tab.
  5. In the Permission model section, select Azure role-based access control (recommended).
  6. Click the Networking tab.
  7. Select Enable public access which allows all networks to connect to this key vault.
    Note: If you only allow IBM® Storage Protect for Cloud and the IBM cloud services you are using to connect to this key vault, you can edit the key vault’s firewall settings after the key vault provisioning.
  8. Click the Tags tab, and you can add tags to categorize your key vault.
  9. Click Review + create to review all of your configurations first, and then click Create at the bottom to create the key vault.
    Note: If you need to change some settings before creating the key vault, you can click the Previous button to change previous settings.

    After the key vault is created, follow the steps below to assign the role:

  10. Open the Microsoft Azure portal, and navigate to the Key Vaults resource.
  11. Click Access control (IAM) in the Key Vault’s menu.
  12. Click Add and select Add role assignment.
  13. In the Role list, select Key Vault Crypto User.
  14. Go to the Members tab.
  15. In the Assign access to section, select User, group, or service principal.
  16. Click Select members.
  17. Search for and select your application.
  18. Click Review+assign to complete the role assignment.