Create a Key Vault in Azure

You can create a key vault in Azure.

Procedure

Make sure you have an Azure subscription that contains Azure Key Vault. Then follow the instructions below:

  1. Create an application. This application is only used for Azure Key Vault.
    1. In the Microsoft Entra admin center (or Microsoft Azure portal), navigate to Microsoft Entra ID > App registrations.
    2. Click New registration on the ribbon.
    3. On the Register an application page, configure the application settings.
    4. Click Register to create your application.
    5. After the application is created successfully, copy the application ID. The application ID is the client ID that will be used in the encryption profile.
  2. Add a client secret for the application.
    1. After creating the application, click Certificates & secrets in the left menu.
    2. In the Client secrets field, click New client secret.
    3. In the Add a client secret pane, enter a description for the client secret and select a duration.
    4. Click Add. The value of the client secret is automatically generated and displayed.
    5. Copy the client secret value. You will need to provide the value when configuring the encryption profile.
    Note: The value will be hidden after you leave or refresh the page.
  3. Create a key vault.
    1. In the Microsoft Azure portal, enter Key vaults in the search box at the top, and then select the first result to open the Key vaults page.
    2. Click Add. The Create key vault page appears.
    3. In the Basics tab, provide the basic information for the key vault, and then click the Access policy tab.
    4. Click Add Access Policy.
    5. On the Add access policy page, select the following Key permissions from the drop-down list.
      • In the Key Management Operations field, select Get.
      • In the Cryptographic Operations field, select Decrypt and Encrypt.
    6. Click the select button in the Select principal field.
    7. In the Principal pane, enter the application name or application ID in the search box.
    8. Select the application and click Select at the bottom.
    9. Click Add to add the access policy.
    10. Click the Networking tab.
    11. Select Public endpoint (all networks), which allows all networks to connect to this key vault.
    12. Click the Tags tab, where you can add tags to categorize your key vault.
    13. Click Review + create to review your configuration, and then click Create at the bottom to create the key vault.
      Note: If you need to change any settings before creating the key vault, click the Previous button to return to the earlier tabs.
  4. Create a key.
    1. On the Key vaults page, click the newly created key vault.
    2. Click Keys in Settings. In the Keys pane, click Generate/Import on the ribbon and create a key.
    3. In the Keys pane, click the key name, and then click the current version. The key properties are displayed.
    4. Copy the key identifier. You will need to provide the key identifier when configuring the encryption profile.
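
The following check is an added example, not part of the original procedure or of any product's code. It validates the key identifier copied in step 4 and confirms that the application's access policy holds only the Get, Decrypt and Encrypt key permissions from step 3. It assumes the vault JSON has the shape printed by `az keyvault show`; the vault name, key name and object ID are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Key permissions the procedure grants: Get, Decrypt, Encrypt.
EXPECTED_KEY_PERMS = {"get", "decrypt", "encrypt"}
# Placeholder object ID of the application's service principal (constructed).
APP_OBJECT_ID = "00000000-0000-0000-0000-000000000001"
# Constructed sample, assumed to match the JSON printed by `az keyvault show`.
SAMPLE_VAULT = json.loads("""
{"name": "example-vault",
 "properties": {
   "accessPolicies": [
     {"objectId": "00000000-0000-0000-0000-000000000001",
      "permissions": {"keys": ["Get", "Decrypt", "Encrypt"],
                      "secrets": [], "certificates": [], "storage": []}}],
   "networkAcls": {"defaultAction": "Allow", "bypass": "AzureServices"}}}
""")

def parse_key_identifier(kid):
    """Split a key identifier URL into (vault host, key name, version or None)."""
    url = urlparse(kid)
    parts = url.path.strip("/").split("/")
    if (url.scheme != "https" or not url.hostname
            or len(parts) not in (2, 3) or parts[0] != "keys" or not all(parts)):
        raise ValueError(f"not a key identifier: {kid!r}")
    return url.hostname, parts[1], parts[2] if len(parts) == 3 else None

def audit_vault(vault, app_object_id):
    """Return findings where the vault differs from the permissions set above."""
    props, findings = vault["properties"], []
    policies = [p for p in props.get("accessPolicies") or []
                if p.get("objectId") == app_object_id]
    if not policies:
        findings.append("no access policy for the application")
    for policy in policies:
        perms = policy.get("permissions") or {}
        keys = {k.lower() for k in perms.get("keys") or []}
        if keys - EXPECTED_KEY_PERMS:
            findings.append("extra key permissions: " + ", ".join(sorted(keys - EXPECTED_KEY_PERMS)))
        if EXPECTED_KEY_PERMS - keys:
            findings.append("missing key permissions: " + ", ".join(sorted(EXPECTED_KEY_PERMS - keys)))
        for kind in ("secrets", "certificates", "storage"):
            if perms.get(kind):
                findings.append(f"unexpected {kind} permissions")
    # An absent networkAcls block is treated as the all-networks setting.
    if (props.get("networkAcls") or {}).get("defaultAction", "Allow") == "Allow":
        findings.append("public endpoint open to all networks")
    return findings

if __name__ == "__main__":
    print(audit_vault(SAMPLE_VAULT, APP_OBJECT_ID))
```

The access policy stores the object ID of the application's service principal rather than the client ID copied in step 1, so pass that object ID to `audit_vault`.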