Key Vault Configuration 5x - Akumina Community

Akumina Key Vault

Akumina uses Azure Key Vault to protect sensitive information such as connection strings to Azure services.

Configuring Key Vault Using the Akumina Template

Akumina does not require plain-text connection strings or configuration keys. Instead, these values can be stored as the value of a Key Vault secret, and the Key Vault URI is then placed in the interchange.settings.config file for AppManager and in the config.json for People sync. Note that if running on a VM or WebApp, you must enable System Identity and add the required permissions on the Key Vault for its objectId.

Create a JSON document in this format. Note that only the following fields are supported through Key Vault at this time:

{
    "RemoteStorageConnection": "",
    "ExternalConnection": {
        "EndpointUrl": "",
        "Database": "akcontainers"
    },
    "AzureSearchServiceName": "",
    "AzureSearchServiceApiKey": "",
    "InstrumentationKey": "",
    "AppInsightAppId": "",
    "AppInsightApiKey": "",
    "FuncAppInsightAppId": "",
    "FuncAppInsightApiKey": "",
    "PrimaryRedisConnection": "",
    "SecondaryRedisConnection": "",
    "TokenStoreEntityName": "",
    "BlobStoreContainerName": "",
    "StoreInSingleContainer": "true",
    "AadAppId": "",
    "AadAppSecret": "",
    "SpClientId": "",
    "SpClientSecret": "",
    "SpAppOnlyClientId": "",
    "SpAppOnlyClientSecret": ""
}

Where to acquire values for the Key Vault keys:

 

| Key | Description | Required | Version |
|---|---|---|---|
| RemoteStorageConnection | From Azure Portal – This is the Storage Account > Access Keys > ConnectionString | Yes | All |
| ExternalConnection | Array of items that make up the connection to the database to store the people sync data | No | 5.0 |
| External Connection – “EndpointUrl” | The EndpointUrl – Comes from Cosmos DB “Settings” > Keys > value of the “PRIMARY CONNECTION STRING” | No | 5.0 |
| External Connection – “Database” | The “Database” value comes from the container name for this database. This should always be set to “akcontainers” | No | 5.0 |
| AzureSearchServiceName | This will be the “Name” of the Azure Search Service configured in the Azure Portal to support this people sync. | No | 4.8, 5.0 |
| AzureSearchServiceApiKey | This is the “Primary admin key” for the Azure Search Service configured to support this people sync. | No | 4.8, 5.0 |
| InstrumentationKey | On the Supported AppInsights, click on Overview, copy and paste the “Instrumentation key”. Created for supporting AppManager logging and Dashboard | No | 5.0 |
| AppInsightAppId | On the Supported AppInsights, click on “API Access”, copy and paste the “Application ID”. Created for supporting AppManager logging and Dashboard | No | 5.0 |
| AppInsightApiKey | On the Supported AppInsights, click on “API Access”, click on “Create API Key”, copy and paste the key. Created for supporting AppManager logging and Dashboard | No | 5.0 |
| FuncAppInsightAppId | On the Supported AppInsights created to support the function apps, click on “API Access”, copy and paste the “Application ID”. | No | 5.0 |
| FuncAppInsightApiKey | On the Supported AppInsights, created to support the function apps, click on “API Access”, click on “Create API Key”, copy and paste the key | No | 5.0 |
| PrimaryRedisConnection | Azure Cache for Redis, click on Settings, Access keys, this is the Primary connection string (StackExchange.Redis). | No | 4.8, 5.0 |
| SecondaryRedisConnection | Optional – Azure Cache for Redis, click on Settings, Access keys, this is the Secondary connection string (StackExchange.Redis). | No | 4.8, 5.0 |
| TokenStoreEntityName | The storage containers table name where a user GraphToken and SharePointToken will be stored. | No | 5.0 |
| BlobStoreContainerName | The storage container blob container name where the AppManager configuration data is stored. | No | 5.0 |
| StoreInSingleContainer | PeopleSync values stored in single entity or multiple entity. Default value = “true” | No | 5.0 |
| AadAppId | The Aad Application Id to synchronize AAD Graph user/group data | No | 4.8, 5.0 |
| AadAppSecret | The Aad Application Secret to synchronize AAD Graph user/group data | No | 4.8, 5.0 |
| SpClientId | The key vault values of AppSettings key “akumina:SpClientIdSecretKeyValutUri” from ClientId used here. The key itself is deprecated. | No | 5.5 |
| SpClientSecret | The key vault values of AppSettings key “akumina:SpClientIdSecretKeyValutUri” from ClientSecret used here. The key itself is deprecated. | No | 5.5 |
| SpAppOnlyClientId | The key vault values of AppSettings key “akumina:SpClientIdSecretKeyValutUri” from AppOnlyClientId used here. The key itself is deprecated. | No | 5.5 |
| SpAppOnlyClientSecret | The key vault values of AppSettings key “akumina:SpClientIdSecretKeyValutUri” from AppOnlyClientSecret used here. The key itself is deprecated. | No | 5.5 |

 

  • Create a Key Vault secret, then set its value to the JSON above.
  • Set the Access Policy on the Key Vault (using Configure from template = Key, Secret, & Certificate Management) and grant the permission to the appropriate VM or webapp where people sync is to run.
  • Open the PeopleSync config.json and update the AzureStorageConntetionString with the appropriate URI.
  • On the AppManager website root, open the interchange.settings.config file and update the RemoteStorageConnection value with the appropriate URI.
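
The following Python check is an added example, not Akumina code. It validates the JSON against the template and table above before it is stored as the secret value, and tests whether a config value is a Key Vault secret URI rather than a plain-text connection string. The URI pattern assumes the Azure public cloud (vault.azure.net), and the function names are hypothetical.

```python
import json
import re

# Key names copied from the JSON template on this page; other keys are not supported.
SUPPORTED = {
    "RemoteStorageConnection", "ExternalConnection", "AzureSearchServiceName",
    "AzureSearchServiceApiKey", "InstrumentationKey", "AppInsightAppId",
    "AppInsightApiKey", "FuncAppInsightAppId", "FuncAppInsightApiKey",
    "PrimaryRedisConnection", "SecondaryRedisConnection", "TokenStoreEntityName",
    "BlobStoreContainerName", "StoreInSingleContainer", "AadAppId", "AadAppSecret",
    "SpClientId", "SpClientSecret", "SpAppOnlyClientId", "SpAppOnlyClientSecret",
}
REQUIRED = {"RemoteStorageConnection"}          # the only key marked "Yes" in the table
EXTERNAL_FIELDS = {"EndpointUrl", "Database"}   # nested object, as in the template

# Assumption: Azure public cloud secret identifier,
# https://<vault>.vault.azure.net/secrets/<name>[/<version>]
KV_SECRET_URI = re.compile(
    r"^https://[A-Za-z0-9-]{3,24}\.vault\.azure\.net"
    r"/secrets/[A-Za-z0-9-]{1,127}(/[A-Za-z0-9]+)?/?$"
)

def validate_payload(text):
    """Return a list of problems found in the JSON meant for the secret value."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return ["top level must be a JSON object"]
    problems = [f"unsupported key: {k}" for k in sorted(set(data) - SUPPORTED)]
    problems += [f"required key missing or empty: {k}"
                 for k in sorted(REQUIRED) if not data.get(k)]
    ext = data.get("ExternalConnection")
    if isinstance(ext, dict):
        problems += [f"unsupported key: ExternalConnection.{k}"
                     for k in sorted(set(ext) - EXTERNAL_FIELDS)]
        if ext.get("Database") != "akcontainers":
            problems.append('ExternalConnection.Database must be "akcontainers"')
    elif ext is not None:
        problems.append("ExternalConnection must be a JSON object")
    return problems

def is_key_vault_uri(value):
    """True if a config value references a Key Vault secret rather than
    holding a connection string in plain text."""
    return bool(KV_SECRET_URI.match(value.strip()))
```

Run validate_payload on the JSON before creating the secret, and is_key_vault_uri on the values written to config.json and interchange.settings.config to catch a connection string left in plain text.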