Set up Azure configuration

In the Azure portal, set up Groundplex nodes as system or user-assigned identities and one more Key Vaults.

Use the Azure Portal to set up:

  • Groundplex nodes as managed identities. Managed identities can be system- or user-assigned:
    • System-assigned managed identities allow you to configure one resource at a time.
    • User-assigned managed identities allow you to configure multiple resources as a group.
  • One or more Key Vaults to hold your secrets. Each vault must have an IAM role defined that grants the appropriate access to the Groundplex managed identities.
The resources do not need to be configured in the order specified below. For example, you might already have an Azure Key Vault or Groundplex VM managed identities. The steps below describe configuration that must be complete in the Azure Portal to use Secrets Management before configuring your Groundplex nodes or Snap accounts:
  1. Follow the Microsoft documentation to set up the managed identities for the Groundplex node VMs. You can create new VMs to run Groundplex nodes or associate a managed identity with existing VMs that are running Groundplex nodes.
  2. If you don't have an Azure Key Vault, follow Microsoft documentation to create one.
  3. Verify or create the IAM role that you will assign to the Groundplex nodes:
    1. Navigate to the Key Vault resource in the Azure portal and select Access Policies (IAM) from the left navigation menu.
    2. If the Key Vault built-in roles don't meet your specific needs, configure a role to use with the Azure Key Vault. We recommend a role with read-only access.
  4. Assign this role to the managed identity.
Configure the Groundplex nodes.