Azure Key Vault

Azure Key Vault is used for storing secrets such as credentials, connection strings and certificates. Make uses the Key Vault to store the certificate that is used for App Context function calls to Office 365.

Figure 5: Azure Key Vault

By default, the name of the Key Vault is based on the naming convention:

Naming Convention
Format:   <DEPT[2|4]>-KV-<SERVICE[3|6]>-<ENVIRONMENT[2|4]><REGION[2|3]>
Examples: RC-KV-MAKE-DEV-WE
          RC-KV-MAKE-TST-WE

Access Policies

The installation user account and the Make application will be given permissions to access the Key Vault by defining policies for both principals.

Figure 6: Access Policies

The installation user account is granted all permissions for Keys, Secrets and Certificates.
The Make application is granted just Get permissions for Secrets. This is necessary to get the certificate with the private key that will be used for signing the call to SharePoint Online.
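
The following check is an added example, not part of the Make documentation: it compares the access policy of the Make application against the Get-on-Secrets-only grant described above and reports anything broader. It assumes the policy list has the shape of properties.accessPolicies in `az keyvault show` output; the object IDs and sample entries are constructed placeholders.

```python
import json

# Constructed sample shaped like properties.accessPolicies from `az keyvault show`.
# The object IDs are placeholders, not values from this page.
SAMPLE = json.loads("""
[
  {"objectId": "00000000-0000-0000-0000-00000000aaaa",
   "permissions": {"keys": ["all"], "secrets": ["all"], "certificates": ["all"]}},
  {"objectId": "00000000-0000-0000-0000-00000000bbbb",
   "permissions": {"keys": [], "secrets": ["Get", "list"], "certificates": ["get"]}}
]
""")

# Expected grant for the Make application as described above: Get on Secrets only.
EXPECTED_APP = {"secrets": {"get"}}


def normalise(permissions):
    """Lower-case permission names and drop empty or null categories."""
    return {kind: {p.lower() for p in perms}
            for kind, perms in (permissions or {}).items() if perms}


def audit_app_policy(policies, app_object_id, expected=EXPECTED_APP):
    """Return a list of findings; an empty list means the policy matches."""
    entries = [p for p in policies if p.get("objectId") == app_object_id]
    if not entries:
        return ["no access policy found for application"]
    granted = {}
    for entry in entries:  # merge in case the principal appears more than once
        for kind, perms in normalise(entry.get("permissions")).items():
            granted.setdefault(kind, set()).update(perms)
    findings = []
    for kind in sorted(set(granted) | set(expected)):
        have, want = granted.get(kind, set()), expected.get(kind, set())
        for perm in sorted(have - want):
            findings.append(f"excess {kind} permission: {perm}")
        if "all" not in have:  # "all" already covers every expected permission
            for perm in sorted(want - have):
                findings.append(f"missing {kind} permission: {perm}")
    return findings


if __name__ == "__main__":
    for line in audit_app_policy(SAMPLE, "00000000-0000-0000-0000-00000000bbbb"):
        print(line)
```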
