MID Server Azure Key Vault integration
The MID Server integration with the Azure Key Vault enables Orchestration, Discovery, and Service Mapping to run without storing any credentials on the instance.
Before you begin
To install the required application on the instance, navigate to .
Role required: External Credential Storage and Management application Scope ID is required: com.sn_mid_extcredstrg
About this task
When setting up access to the Azure Key Vault, the MID Server is either within the Azure environment or it is on an external virtual machine. This procedure covers setting up the Azure Key Vault for a MID Server within the Azure environment.
For more information about specific Azure and Azure Key Vault procedures, see the Azure Key Vault documentation.
Procedure
Azure Key Vault Integration for External Virtual Machine MID Servers
The MID Server integration with the Azure Key Vault enables Orchestration, Discovery, and Service Mapping to run without storing any credentials on the instance.
Before you begin
About this task
When setting up access to the Azure Key Vault, the MID Server is either within the Azure environment or it is on an external virtual machine. This procedure covers setting up the Azure Key Vault for a MID Server that is on an external virtual machine.
For more information about specific Azure and Azure Key Vault procedures, see the Azure Key Vault documentation.
Procedure
Supported Credentials for Azure Key Vault Integration
The MID Server supports the following credential types for integration with the Azure Key Vault.
List of Credentials
- SNMPV3 Credentials
  {
    "type": "snmpv3",
    "user": "<user_value>",
    "authentication_key": "<authentication_key_value>",
    "privacy_protocol": "<privacy_protocol_value>",
    "privacy_key": "<privacy_key_value>",
    "authentication_protocol": "<authentication_protocol_value>",
    "snmp_context": "<snmp_context_value>"
  }
- VMWare Credentials
  {
    "type": "vmware",
    "password": "<password_value>",
    "user": "<user_value>"
  }
- SSH Credentials
  {
    "type": "ssh",
    "password": "<password_value>",
    "user": "<user_value>"
  }
- Windows Credentials
  {
    "type": "windows",
    "password": "<password_value>",
    "user": "<user_value>",
    "domain": "<domain_value>" // If it is null or empty, user name will become `.\user`
  }
- Azure Service Principal Credentials
  {
    "type": "azure",
    "client_id": "<client_id_value>",
    "tenant_id": "<tenant_id_value>",
    "secret_key": "<secret_key_value>"
  }
- SSH Private Key Credentials
  {
    "type": "ssh_private_key",
    "password": "<password_value>", // optional
    "user": "<user_value>",
    "ssh_certificate": "<ssh_certificate_value>",
    "ssh_private_key": "<ssh_private_key_value>",
    "ssh_passphrase": "<ssh_passphrase_value>" // optional
  }
- AWS Credentials
  {
    "type": "aws",
    "access_key": "<access_key_value>",
    "secret_key": "<secret_key_value>"
  }
- API Key Credentials
  {
    "type": "api_key",
    "api_key": "<api_key_value>"
  }
- Applicative Credentials
  {
    "type": "<application_type>", // generated by JSON builder: TODO
    "password": "<password_value>",
    "user": "<user_value>"
  }
- Azure Enterprise Agreement Credentials
  {
    "type": "ea_azure",
    "access_key": "<access_key_value>",
    "enrollment_number": "<enrollment_number>"
  }
- Azure SAS Credentials
  {
    "type": "azure_sas",
    "sas_key": "<sas_key_value>",
    "sas_key_name": "<sas_key_name_value>"
  }
- Basic Auth Credentials
  {
    "type": "basic_auth",
    "password": "<password_value>",
    "user": "<user_value>"
  }
- CIM Credentials
  {
    "type": "cim",
    "password": "<password_value>",
    "user": "<user_value>"
  }
- Cloud Foundry Credentials
  {
    "type": "sn_itom_pattern_pcf",
    "password": "<password_value>",
    "user": "<user_value>",
    "ssh_private_key": "<ssh_private_key_value>",
    "ssh_passphrase": "<ssh_passphrase_value>"
  }
- Google API Credentials
  {
    "type": "gcp",
    "email": "<email_value>",
    "secret_key": "<secret_key_value>"
  }
- SSL Keystore Credentials
  {
    "type": "keystore",
    "keystore_password": "<keystore_password_value>",
    "keystore_path": "<keystore_path_value>",
    "key_password": "<key_password_value>"
  }
- JMS Credentials
  {
    "type": "jms",
    "password": "<password_value>",
    "user": "<user_value>"
  }
- SNMP Community Credentials
  {
    "type": "snmp",
    "password": "<password_value>"
  }
- SSL Credentials
  {
    "type": "keystore",
    "user": "<user_value>",
    "password": "<password_value>",
    "additional_properties": "<additional_properties_value>",
    "key_password": "<key_password_value>",
    "keystore": "<keystore_value>",
    "keystore_password": "<keystore_password_value>",
    "keystore_type": "<keystore_type_value>",
    "ssl_provider_name": "<ssl_provider_name_value>",
    "security_protocol": "<security_protocol_value>",
    "truststore": "<truststore_value>",
    "truststore_password": "<truststore_password_value>",
    "truststore_type": "<truststore_type_value>"
  }
- IBM Credentials
  {
    "type": "ibm",
    "user": "<user_value>",
    "password": "<password_value>",
    "softlayer_user": "<softlayer_user_value>",
    "softlayer_key": "<softlayer_key_value>",
    "bluemix_key": "<bluemix_key_value>"
  }
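A pre-upload check for secret values built from the templates in this list, added here as an example and not part of ServiceNow's code. It covers a subset of the types, assumes that any field the page does not mark optional is required, and parses the value as strict JSON (an assumption of this check, under which the // annotations shown in the templates have to be removed first). The name check_secret and the sample values are constructed for illustration.

```python
import json
import re

# Required / optional keys per "type", taken from the templates on this page.
# Assumption: a field the page does not mark optional is required.
REQUIRED = {
    "ssh": {"user", "password"},
    "windows": {"user", "password"},
    "aws": {"access_key", "secret_key"},
    "azure": {"client_id", "tenant_id", "secret_key"},
    "ssh_private_key": {"user", "ssh_certificate", "ssh_private_key"},
}
OPTIONAL = {
    "windows": {"domain"},  # null or empty: the user name becomes .\user
    "ssh_private_key": {"password", "ssh_passphrase"},
}
PLACEHOLDER = re.compile(r"<[a-z_]+>")  # e.g. "<password_value>" left unfilled

def check_secret(raw):
    """Return a list of problems. Reports key names only, never secret values."""
    try:
        cred = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not strict JSON at line {exc.lineno}"]
    if not isinstance(cred, dict):
        return ["top level is not a JSON object"]
    ctype = cred.get("type")
    if not isinstance(ctype, str) or ctype not in REQUIRED:
        return ["type missing or not covered by this check"]
    problems = []
    for key in sorted(REQUIRED[ctype]):
        if not isinstance(cred.get(key), str) or not cred[key]:
            problems.append(f"missing or empty: {key}")
    for key in sorted(cred):
        if isinstance(cred[key], str) and PLACEHOLDER.fullmatch(cred[key]):
            problems.append(f"template placeholder left in: {key}")
    allowed = REQUIRED[ctype] | OPTIONAL.get(ctype, set()) | {"type"}
    for key in sorted(set(cred) - allowed):
        problems.append(f"unexpected key: {key}")
    return problems

# Constructed sample secrets (not real credentials).
OK = '{"type": "windows", "user": "svc_disc", "password": "constructed", "domain": ""}'
ANNOTATED = '{"type": "ssh",\n "password": "constructed", // optional\n "user": "svc"}'
SLOPPY = '{"type": "aws", "acces_key": "constructed-id", "secret_key": "<secret_key_value>"}'

for sample in (OK, ANNOTATED, SLOPPY):
    print(check_secret(sample))
```

Problems are reported by key name only, so the output can go into a ticket or pipeline log without exposing the secret itself.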
Gov Cloud Support for Azure Key Vault Integration
You may need to override authentication and the vault URL when operating in government cloud environments. The following examples are for US government clouds.
- Auth endpoint:
  For US government clouds: https://login.microsoftonline.us/%s/oauth2/v2.0/token
  For US government cloud support: <parameter name="ext.cred.azure.vault_auth_endpoint" value="https://login.microsoftonline.us/%s/oauth2/v2.0/token"/>
- Scope:
  For US government clouds: https://vault.usgovcloudapi.net/.default
  <parameter name="ext.cred.azure.endpoint_scope" value="https://vault.usgovcloudapi.net/.default"/>
  For Germany government clouds: https://vault.microsoftazure.de/.default
  For Chinese government clouds: https://vault.azure.cn/.default