The Azure Key Vault is used for storing secrets, like credentials, connection strings, certificates etc. Make is using the Key Vault for storing the certificate that is used for App Context function calls to Office 365.
By default, the name of the Key Vault is based on the naming convention:
| Naming Convention | |
|---|---|
| Format | <DEPT[2|4]>-KV-<SERVICE[3|6]>-<ENVIRONMENT[2|4]><REGION[2|3]> |
| Example | RC-KV-MAKE-DEV-WE |
| RC-KV-MAKE-TST-WE |
Access Policies
The installation user account and the Make application will be given permissions to access the Key Vault by defining policies for both principals.
The installation user account is granted all permissions for Keys, Secrets and Certificates.
The Make application is granted just Get permissions for Secrets. This is necessary to get the certificate with the private key that will be used for signing the call to SharePoint Online.