Managing Azure Vaults
This section describes how to manage Azure vaults on the CCKM.
Before proceeding, make sure to fulfill prerequisites.
Adding Existing Vaults
To add an existing Azure vault to the CCKM:
Log on to the CipherTrust Manager GUI as administrator.
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page is displayed.
Click Add Existing Vault.
On the Add Existing Key Vaults screen, select/enter the following details:
From the Azure Connection drop-down list, select the desired connection.
From the Subscription drop-down list, select the desired subscription.
From the Vault Name check-box, select the vaults that you want to add to the CCKM.
Click Save. The Azure vault is added to the CCKM.
A message vault added successfully... is displayed on the screen.
Synchronizing Azure Keys
Synchronization is the process of downloading keys created on the Azure vaults to the CCKM. Synchronization can be achieved in any of the following ways:
Synchronizing Specific Vaults
To synchronize a specific vault:
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page is displayed. This page displays the list of Azure key vaults.
Click the overflow icon corresponding to the desired Azure vault and click Sync Now.
A message Synchronization started... is displayed on the screen.
After successful sync, the synchronized keys are listed on the Cloud Keys > Azure > Azure Keys page. Refer to Viewing Azure Keys for details.
Synchronizing All Vaults
To synchronize all the vaults:
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page is displayed. This page displays the list of Azure key vaults.
On the Azure Key Vaults screen, click Sync All.
The synchronization process will start and continue to run in the background.
Note
Syncing all Azure key vaults is a time-intensive operation that could take several hours or days to complete.
After successful sync, the synchronized keys are listed on the Cloud Keys > Azure > Azure Keys page. Refer to Viewing Azure Keys for details.
Viewing/Editing Details of Azure Vaults
Viewing Azure Vaults Details
To view the details of an Azure vault:
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page displays the following details.
Column: Description
Name: Name of the Azure vault.
Last Synced: Time of the last performed synchronization.
Connection: Name of the connection.
Cloud: Cloud name.
Location: Location in which the vault is added.
Sku: Pricing Tier information of the vault.
Subscription Name: Name of the subscription.
Subscription ID: ID of the subscription.
Vault URI: URI of the Azure vault. By default, this column is not visible. Click the Customize View icon, select Vault URI, and click OK to display the column.
Modifying Azure Vault Details
To edit the details of an Azure vault:
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page displays the list of added Azure vaults.
Click the overflow icon corresponding to the desired Azure vault and click View/Edit Details.
You can modify user permissions on the Azure vault. Refer to Managing User Permissions on Azure Vaults for details.
Managing User Permissions on Azure Vaults
To work with Azure, users/groups must have the minimum set of permissions that allow them to use Azure resources such as keys and Azure vaults. Initially, the user only has permission to view the keys. However, if required, the CCKM administrator can grant and revoke permissions.
Note
Only users who are members of the CCKM Users group will be granted permissions to perform operations on the Azure vault.
To add permissions for a user/group:
In the Vault Access Control section, click Assign User/Group.
On the Assign User/Group screen, select the user or group to be assigned permissions from the User/Group drop-down list.
Click Save.
The newly added user/group is displayed under Name in the Vault Access Control section.
CCKM allows the following operations on the Azure vaults:
View Key
Add Key
Upload Key
Edit Key
Recover Key
Restore Key
Soft Delete Key
Delete Key Backup
Purge Key
Sync Key
To grant permissions to the user to perform any of the above-mentioned operations:
Select the check-box under the desired operation.
Click Update.
A message Updated access control for this key vault is displayed on the screen.
To remove current permissions assigned to the user:
Under Unassign, click the X button corresponding to the desired user.
On the Unassign User screen, click Unassign.
Note
Unassigning this user will remove all permissions currently assigned to the user. Are you sure you want to continue?
Click Unassign.
A message Updated access control for this key vault is displayed on the screen.
Deleting Azure Key Vaults
To delete an Azure key vault:
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page displays the list of added Azure vaults.
Click the overflow icon corresponding to the desired Azure vault and click Delete.
On the Delete Azure Key Vault screen, select Delete Azure Key Vault.
A message Azure Vault deleted is displayed on the screen.
Warning
Be extremely careful when deleting an Azure vault. Once the Azure vault is deleted, it will no longer be available for use.