Managing Azure Vaults
This section describes how to manage Azure vaults on CCKM.
Before proceeding, make sure to fulfill the prerequisites.
Adding Existing Vaults
To add an existing Azure vault to the CCKM:
Log on to the CipherTrust Manager GUI as administrator.
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page is displayed.
Click Add Existing Vault. The Add Existing Key Vaults dialog box is displayed.
Select/enter the following details:
From the Azure Connection drop-down list, select the desired connection.
From the Subscription drop-down list, select the desired subscription.
Select the vaults that you want to add to the CCKM. Use the Vault Name check box to select vaults.
Click Save. The Azure vault is added to the CCKM.
A message "vault added successfully..." is displayed on the screen.
Refreshing Azure Keys
Refreshing is the process of downloading keys created on the Azure vaults to CCKM. You can refresh keys from individual vaults or all vaults at once.
Refreshing Specific Vaults
To refresh keys of a specific vault:
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page is displayed. This page displays the list of Azure key vaults.
Click the overflow icon corresponding to the desired Azure vault and click Refresh Now.
A message "Refresh started..." is displayed on the screen.
After successful refresh, the refreshed keys are listed on the Cloud Keys > Azure > Azure Keys page. Refer to Viewing Azure Keys for details.
Refreshing All Vaults
To refresh keys of all vaults:
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page is displayed. This page displays the list of Azure key vaults.
Click Refresh All. The "This may take a while..." message is displayed.
Note
Refresh all Azure Key Vaults is a time intensive operation that could take several hours or days to complete. It will continue running in the background. Do you want to continue?
Click Refresh All to continue.
A message "Refresh started..." is displayed on the screen. To cancel the refresh, click Cancel Refresh.
After successful refresh, the refreshed keys are listed on the Cloud Keys > Azure > Azure Keys page. Refer to Viewing Azure Keys for details.
Viewing/Editing Details of Azure Vaults
Viewing Azure Vaults Details
The Azure Key Vaults page shows the list of existing Azure key vaults. Search for the key vaults by Vault Name.
To view the details of Azure vaults:
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page displays the following details.
Column | Description
Name | Name of the Azure vault.
Last Refreshed | Time when the vault was last refreshed.
Connection | Name of the connection.
Cloud | Cloud name.
Location | Location in which the vault is added.
Sku | Pricing Tier information of the vault.
Subscription Name | Name of the subscription.
Subscription ID | ID of the subscription.
Vault URI | URI of the Azure vault. By default, this column is not visible. Click the Customize View icon, select Vault URI, and click OK to display the column.
Modifying Azure Vault Details
To edit the details of an Azure vault:
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page displays the list of added Azure vaults.
Click the overflow icon corresponding to the desired Azure vault and click View/Edit Details.
You can modify user permission on the Azure vault. Refer to Managing User Permissions on Azure Vaults for details.
Managing User Permissions on Azure Vaults
To work with Azure, users/groups must have the minimum set of permissions that allows them to use Azure resources such as keys and Azure vaults. Initially, the user only has permission to view the keys. However, if required, the CCKM administrator can grant and revoke permissions.
Note
Only users who are members of the CCKM Users group will be granted permissions to perform operations on the Azure vault.
To add permission for user/group:
In the Vault Access Control section, click Assign User/Group.
On the Assign User/Group screen, select the user or group to be assigned permissions from the User/Group drop-down list.
Click Save.
The newly added user/group is displayed under Name in the Vault Access Control section.
CCKM allows the following operations on the Azure vaults:
View Key, Add Key, Upload Key, Edit Key
Recover Key, Restore Key
Soft Delete Key, Delete Key Backup
Purge Key, Refresh Key
Note
Depending on the type of the Azure vault, a key is deleted differently.
• Vault with Soft-Delete Enabled: To delete the key permanently, perform the Soft Delete and the Purge operations on the key. However, for this operation to be successful, the user must have the Soft Delete Key and the Purge Key access.
• Vault with Soft-Delete Disabled: To delete the key permanently, use the Delete option. However, for this operation to be successful, the user must have the Soft Delete Key access.
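The deletion rules in this note lend themselves to a periodic access review of who can permanently destroy keys. The Python below is an added example, not part of the product or its documentation: the operation names come from this page, while the record layout, vault names and user names are constructed for illustration.

```python
# Added example. Operation names come from this page; the record layout,
# vault names and user names are constructed for illustration.

# Access needed to permanently delete a key, keyed by the vault's soft-delete state.
PERMANENT_DELETE = {
    True: {"Soft Delete Key", "Purge Key"},  # Soft Delete, then Purge
    False: {"Soft Delete Key"},              # Delete option
}

def can_permanently_delete(soft_delete_enabled, granted):
    """True if the granted operations allow permanent key deletion."""
    return PERMANENT_DELETE[soft_delete_enabled] <= set(granted)

def audit(vaults, cckm_users):
    """Return (vault, user, finding) tuples for an access review."""
    findings = []
    for vault in vaults:
        for user, granted in vault["access"].items():
            if user not in cckm_users:
                # Only members of the CCKM Users group are granted permissions.
                findings.append((vault["name"], user, "not in CCKM Users group"))
            elif can_permanently_delete(vault["soft_delete_enabled"], granted):
                findings.append((vault["name"], user, "can permanently delete keys"))
    return findings

# Constructed sample data (hypothetical export of the Vault Access Control section).
SAMPLE_VAULTS = [
    {"name": "vault-prod", "soft_delete_enabled": True,
     "access": {"alice": ["View Key", "Soft Delete Key", "Purge Key"],
                "bob": ["View Key", "Soft Delete Key"],
                "carol": ["View Key"]}},
    {"name": "vault-legacy", "soft_delete_enabled": False,
     "access": {"bob": ["View Key", "Soft Delete Key"],
                "dave": ["View Key", "Add Key"]}},
]
CCKM_USERS = {"alice", "bob", "carol"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_VAULTS, CCKM_USERS):
        print(*finding, sep=": ")
```

The same Soft Delete Key grant yields different findings for the two vaults: on the soft-delete-disabled vault it is sufficient on its own for permanent deletion.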
Granting Permission to Perform an Operation
To grant a user or group permission to perform any of the above-mentioned operations:
Select the check box under the desired operation corresponding to the desired users or groups.
Click Update.
A success message is displayed on the screen.
Removing a Permission
To remove a permission assigned to a user or group:
Clear the check box under the desired operation corresponding to the desired users or groups.
Click Update.
A success message is displayed on the screen.
Removing Permission from a User/Group
To remove current permissions assigned to the user/group:
Under Unassign, click the X button corresponding to the desired user/group.
On the Unassign User / Unassign Group screen, click Unassign.
Note
Unassigning this user/group will remove all permissions currently assigned to the user/group. Are you sure you want to continue?
Click Unassign.
A message "Updated access control for this key vault" is displayed on the screen.
Deleting Azure Key Vaults
To delete an Azure key vault:
Open the Cloud Key Manager application.
In the left pane, click Containers > Azure Key Vaults. The Azure Key Vaults page displays the list of added Azure vaults.
Click the overflow icon corresponding to the desired Azure vault and click Delete.
On the Delete Azure Key Vault screen, select Delete Azure Key Vault.
A message "Azure Vault deleted" is displayed on the screen.
Be extremely careful when deleting an Azure vault. Once the Azure vault is deleted, it will no longer be available for use.