Set up Azure Key Vault to use managed identity-based authentication

Overview

As you set up the Azure Key Vault, collect the following values required in the Snaplex node configuration file from the Azure Portal:
  • Vault URI of your Key Vault: Overview > Essentials > Vault URI
  • Client ID of your user-assigned managed identity: Managed Identities > (Your managed identity name) > Overview > Essentials > Client ID

To use managed identity-based authentication mode in the Snaps, set up the SnapLogic account using an expression that calls secrets.read with the alias name for the secret object.

  1. Create an Azure Key Vault.
  2. In the Azure Portal, set up the access policies and enable managed identity.
    1. Navigate to the Managed Identities service and ensure that you have defined the user-assigned managed identity.
      Tip: This step is optional if you choose to use your system-assigned managed identity defined at the time of creating your Azure Key Vault instance.
    2. Navigate to the Key Vault resource in the Azure portal and select Access Policies (IAM) from the left navigation menu.
    3. If the Azure built-in roles do not meet your specific needs, configure a role to use with the Azure Key Vault.
    4. Assign this role to the managed identity.

      The minimum access required on the Azure Key Vault is read and write (secrets). Refer to Role assignment permissions for details.

      • Use a system-assigned managed identity to assign permissions on a resource.
      • Use a user-assigned managed identity to assign permissions on a resource group.
    5. Assign the managed identity to the Groundplex node (VM).
  3. Configure Groundplex Nodes.
  4. Configure dynamic SnapLogic accounts to connect to Azure Key Vault and to authenticate.
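
As an added example (not SnapLogic's or Microsoft's code), the following script audits the managed identity's role assignments after step 2 against the minimum access stated there. It assumes the assignments were exported with `az role assignment list --assignee <client-id> --all -o json` and that the built-in roles Key Vault Secrets User and Key Vault Secrets Officer are the ones meant to cover secret read and write; the subscription ID, resource names and sample records are constructed.

```python
import json

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription
RG = SUB + "/resourceGroups/rg-snaplex-example"               # constructed names below
# Constructed records in the shape of `az role assignment list` JSON output.
SAMPLE = json.dumps([
    {"roleDefinitionName": "Key Vault Secrets Officer",
     "scope": RG + "/providers/Microsoft.KeyVault/vaults/kv-snaplex-example"},
    {"roleDefinitionName": "Contributor", "scope": RG},
    {"roleDefinitionName": "Key Vault Secrets User", "scope": SUB},
    {"roleDefinitionName": "Key Vault Secrets Officer",
     "scope": RG + "/providers/Microsoft.KeyVault/vaults/kv-other-example"},
])

# Assumption: these built-in roles cover the secret read/write access the page asks for.
SECRETS_ROLES = {"Key Vault Secrets User", "Key Vault Secrets Officer"}

def scope_level(scope):
    """Classify an ARM scope string by how much of the tenant it covers."""
    s = scope.lower().rstrip("/")
    parts = s.strip("/").split("/")
    if "/providers/microsoft.keyvault/vaults/" in s:
        return "vault"
    if parts[0] == "subscriptions" and len(parts) == 2:
        return "subscription"
    if parts[0] == "subscriptions" and len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource-group"
    if "managementgroups" in parts:
        return "management-group"
    return "other"

def audit(assignments_json, vault_name):
    """Return (role, scope level, reason) for each assignment that needs review."""
    findings = []
    for a in json.loads(assignments_json):
        role, scope = a["roleDefinitionName"], a["scope"]
        level = scope_level(scope)
        if role not in SECRETS_ROLES:
            findings.append((role, level, "not a secrets-only role"))
        elif level in ("subscription", "management-group"):
            findings.append((role, level, "scope wider than a resource group"))
        elif level == "vault":
            target = scope.lower().split("/vaults/")[1].split("/")[0]
            if target != vault_name.lower():
                findings.append((role, level, "assigned on a different vault"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "kv-snaplex-example"):
        print(finding)
```

An empty result means every assignment is a secrets role on the expected vault or at resource-group scope.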