Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • Crypto Command Center
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Managing Azure Resources

Managing Azure Vaults

search

Please Note:

print

Managing Azure Vaults

This section describes how to manage Azure vaults on the CCKM.

Before proceeding, make sure to fulfill prerequisites.

copy link to clipboardAdding Existing Vaults

To add an existing Azure vault to the CCKM:

  1. Log on to the CipherTrust Manager GUI as administrator.

  2. Open the Cloud Key Manager application.

  3. In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page is displayed.

  4. Click Add Existing Vault.

  5. On the Add Existing Key Vaults screen, select /enter the following details:

    1. From the Azure Connection drop-down list, select the desired connection.

    2. From the Subscription drop-down list, select the desired subscription.

    3. From the Vault Name check-box, select the vaults that you want to add to the CCKM.

    4. Click Save. The Azure vault is added to the CCKM.

    A message vault added successfully... is displayed on the screen.

copy link to clipboardSynchronizing Azure Keys

Synchronizing is the process to download keys created on the Azure vaults to the CCKM. Synchronization can be achieved using any of the following ways:

copy link to clipboardSynchronizing Specific Vaults

To synchronize a specific vault:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page is displayed. This page displays the list of Azure key vaults.

  3. Click the overflow icon (ellipsis) corresponding to the desired Azure vault and click Sync Now.

A message Synchronization started... is displayed on the screen.

After successful sync, the synchronized keys are listed on the Cloud Keys > Azure > Azure Keys page. Refer to Viewing Azure Keys for details.

copy link to clipboardSynchronizing All Vaults

To synchronize all the vaults:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page is displayed. This page displays the list of Azure key vaults.

  3. On the Azure Key Vaults screen, click Sync All.

The synchronization process will start and continue to run in the background.

Note

Sync all Azure Key Vaults is a time intensive operation that could take several hours or days to complete.

After successful sync, the synchronized keys are listed on the Cloud Keys > Azure > Azure Keys page. Refer to Viewing Azure Keys for details.

copy link to clipboardViewing/Editing Details of Azure Vaults

copy link to clipboardViewing Azure Vaults Details

To view the details of an Azure vault:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page displays the following details.

    ColumnDescription
    NameName of the Azure vault.
    Last SyncedTime of the last performed synchronization.
    ConnectionName of the connection.
    CloudCloud name.
    LocationLocation in which the vault is added.
    SkuPricing Tier information of the vault.
    Subscription NameName of the subscription.
    Subscription IDID of the subscription.
    Vault URIURI of the Azure vault. By default, this column is not visible. Click the Customize View (Custom View) icon, select Vault URI, and click OK to display the column.

copy link to clipboardModifying Azure Vault Details

To edit the details of an Azure vault:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page displays the list of added Azure vaults.

  3. Click the overflow icon (ellipsis) corresponding to the desired Azure vault and click View/Edit Details.

    You can modify user permission on the Azure vault. Refer to Managing User Permissions on Azure Vaults for details.

copy link to clipboardManaging User Permissions on Azure Vaults

To work with the Azure, users/ group must have the minimum set of permissions that allow them to use the Azure resources such as keys and Azure vaults. Initially, the user only has permission to view the keys. However, if required, the CCKM administrator can grant and revoke permissions.

Note

Only the users who are member of the CCKM Users group will be granted permissions to perform operations on the Azure vault.

To add permission for user/group:

  1. In the Vault Access Control section, click Assign User/Group.

  2. On the Assign User/Group screen, select the user or group to be assigned permissions from the User/Group drop-down list.

  3. Click Save.

The newly added user/ group is displayed under Name in the Vault Access Control section.

CCKM allows the following operations on the Azure vaults:

  • View Key

  • Add Key

  • Upload Key

  • Edit Key

  • Recover Key

  • Restore Key

  • Soft Delete Key

  • Delete Key Backup

  • Purge Key

  • Sync Key

To grant permissions to the user to perform any of the above mentioed operations:

  1. Select the check-box under the desired operation.

  2. Click Update.

A message Updated access control for this key vault message is displayed on the screen.

To remove current permissions assigned to the user:

  1. Under Unassign, click the X button corresponding to the desired user.

  2. On the Unassign User screen, click Unassign.

    Note

    Unassigning this user will remove all permissions currently assigned to the user. Are you sure you want to continue?

  3. Click Unassign.

A message Updated access control for this key vault message is displayed on the screen.

copy link to clipboardDeleting Azure Key Vaults

To delete an Azure key vault:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page displays the list of added Azure vaults.

  3. Click the overflow icon (ellipsis) corresponding to the desired Azure vault and click Delete.

  4. On the Delete Azure Key Vault screen, select Delete Azure Key Vault.

A message Azure Vault deleted is displayed on the screen.

Warning

Be extremely careful when deleting an Azure vault. Once the Azure vault is deleted, it will no longer be available for use.

On this page