Azure Key Vault
Azure Key Vault is a cloud service that provides a secure storage for secrets. You can use this Azure resource to securely store custom keys, passwords, certificates, and other secrets.
Azure Key Vault helps solve the following problems:
- Secrets Management - Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
- Key Management - Azure Key Vault can be used as a Key Management solution that makes it easy to create and control the cryptographic keys used to encrypt your data.
- Certificate Management - Azure Key Vault lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.
For more information, see Microsoft documentation » Azure Key Vault.
You can access Azure Key Vault directly through the Azure Portal, or through the Keys, secrets & certificates link on the Welcome page of Sitefinity Cloud Management Portal.
NOTE: Only users with Access Repos and Pipelines group permissions can manage secrets, keys, and certificates in a Key Vault.
Link Key Vault secrets
As an additional level of usability, you are allowed to link a Key Vault secret to a variable group. This way, you may have version management for the secret and may keep track of all different values.
To link a Key Vault secret, perform the following:
- Login to Sitefinity Cloud Management Portal.
- Navigate to Pipelines » Library.
- Open Custom <Environment name> AppSettings variable group.
- For each app setting, configure the following:
- Name – enter the path to the configuration property; use this pattern: sf-env:<PathToConfigurationProperty>
For information how to locate the path to the property, see Manage configurations in Continuous delivery pipeline.
- Value – enter the name of the secret in Key Vault; use this pattern: $(<NameofSecretInKeyVault>)
NOTE: If you want your app settings to apply to all environments, add these settings to Custom Release AppSettings variable group.