Adding a Key Broker for Azure Service
This section describes how to create (deploy) a Key Broker for Azure service in the DPoD offering.
Create a Key Broker for Azure Service
If you haven't already, log in to DPoD using an account that has application owner privileges.
Click the Services tab and select Add New Service.
Under the CipherTrust Key Management Services section, find the Key Broker for Azure service tile and click Provision Service.
If using an evaluation tenant, click Try Service instead of Provision Service. See Enterprise Tenants for more information about evaluation tenant capabilities.
A Redirect Notice displays.
Click Go to Azure.
The Azure authentication dialog opens.
Select the Azure Account you would like to use (it must have Azure Key Vault access), and enter your Azure credentials.
The Permissions Requested dialog displays.
Click the Consent on behalf of your organization check box.
Click Accept to allow the Key Broker for Azure service to access the listed resources. This is required for the service to operate.
You are redirected to the DPoD Add New Service page and the Add Key Broker for Azure wizard displays.
Review and accept the "Terms of Service DPoD," then click Next.
Enter a name for the service in the Service Name field. From the Select Azure Subscription drop-down, select the Azure Subscription you would like to use. Click Next.
Specify the Azure Resource Group where you want the Key Vault to be placed.
If you want to create a new Resource Group in Azure, enable the Create a new group radio button, then enter a name for the Resource Group in the New group name field. From the Select Database Location drop-down, select the database region in which you want Azure to create the Resource Group.
If you want to use an existing Azure Resource Group, enable the Select an existing group radio button, then select the Resource Group from the Select group drop-down.
"Group", in this context, refers to an Azure Resource Group.
Enter a postfix for the Key Vault name in the New Key Vault Name field. The Key Vault name is always prefixed with "dpod-" followed by some random characters, so it does not conflict with any existing Key Vault. Then enable the "I understand and accept that the creation of a new Key Vault may incur premium costs in my Azure account." check box and click Next.
Review the configuration on the Summary screen. If appropriate, click Finish.
After a short wait, the Key Broker for Azure service is created and added to the My Services list.
The service details page provides an overview of the service and the associated Azure User ID, Resource Group, and Key Vault. These account details are needed when accessing the keys through the Azure Portal.
At this point, there are no keys in the Azure Key Vault. You will generate a key in the next procedure.
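After consenting on behalf of the organization and creating the vault, it is worth confirming from the Azure side that the vault landed where you intended and which identities hold key permissions on it. The following is an added example, not part of the original documentation: it inspects the JSON that `az keyvault show --name <vault> -o json` prints. The function name audit_vault, the sample vault, and the assumption that the final name ends with the postfix you entered are all illustrative.

```python
import json

# Constructed sample, in the shape printed by: az keyvault show --name <vault> -o json
SAMPLE_VAULT = json.loads("""
{
  "name": "dpod-x7k2q-finance",
  "resourceGroup": "rg-keybroker",
  "properties": {
    "enableRbacAuthorization": false,
    "accessPolicies": [
      {"objectId": "00000000-0000-0000-0000-000000000001",
       "permissions": {"keys": ["get", "list", "create", "import"], "secrets": []}},
      {"objectId": "00000000-0000-0000-0000-000000000002",
       "permissions": {"keys": [], "secrets": ["get"]}}
    ]
  }
}
""")


def audit_vault(vault, expected_group, postfix):
    """Return (findings, key_holders) for one vault description."""
    findings = []
    name = vault["name"]
    # Assumption: the final name is "dpod-" + random characters + the postfix.
    if not (name.startswith("dpod-") and name.endswith(postfix)):
        findings.append(f"unexpected vault name: {name}")
    # Resource group names are case-insensitive in Azure.
    if vault["resourceGroup"].lower() != expected_group.lower():
        findings.append(f"vault is in resource group {vault['resourceGroup']}")
    props = vault.get("properties", {})
    if props.get("enableRbacAuthorization"):
        # Access policies are not evaluated when the vault uses Azure RBAC.
        findings.append("vault uses Azure RBAC: review role assignments instead")
        return findings, []
    holders = []
    for policy in props.get("accessPolicies") or []:
        key_perms = sorted(policy.get("permissions", {}).get("keys") or [])
        if key_perms:  # only identities that can touch keys are of interest
            holders.append((policy["objectId"], key_perms))
    return findings, holders


if __name__ == "__main__":
    findings, holders = audit_vault(SAMPLE_VAULT, "rg-keybroker", "finance")
    print("findings:", findings or "none")
    for object_id, perms in holders:
        print(object_id, "->", ", ".join(perms))
```

Compare each reported object ID with the Azure User ID shown on the service details page and with the identities you expect to manage the vault.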