Creating Azure Key Vault

The following shows how to create the Azure Key Vault.

  1. Search for Key Vault in the Azure portal and then select Key vaults in the results.
  6. Click Add.
  7. In the Create key vault section, enter a name for the Key Vault. This example creates the key vault for the Root CA and uses the name EJBCARootKeyVault. Note the name down, since EJBCA requires it when you create a Crypto Token in the next step, Creating an Azure Key Vault Crypto Token in EJBCA. Then specify the same Resource Group that the EJBCA instance uses.
  4. Under Pricing tier, there are two options, Standard and Premium. It is recommended to choose Premium and then click Select.
  5. Click Access Policies from the Create Key Vault dialog, and then click Add new.
  6. Select Key Management from the Configure from template list.
  7. Click Select Principal.
  8. Search for the App Registration added in the previous section, Creating an App Registration in Active Directory. This example uses the name "ejbca-vault". Select it and click Select.
  9. Select Key Permissions.
  10. Select all of the permissions under Cryptographic Operations.
  11. Click Add on the Add access policy screen.
  12. Click OK on the Access policies screen.
  13. Click the Virtual Network Access section.
  14. Select Allow access from Selected networks, and then click Add existing virtual networks.
  15. From the Virtual networks list, select the virtual network in the resource group that EJBCA Cloud was deployed into. In this example, that is EJBCA_With_KeyVault-vnet.
  16. Click Select All under Subnets.
  17. Once completed, click Add and then click Save.
  18. Click Create and wait for the deployment to complete.
  19. Once the deployment completes, proceed to the next section to create an Azure Key Vault Crypto Token in EJBCA.
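
A way to check the result of the steps above, as an added example that is not part of the original guide or of EJBCA: this Python script audits the JSON printed by az keyvault show against the pricing tier, access policy and network settings chosen here. The object ID, subscription ID, resource group and subnet names in the sample are constructed placeholders, and the permission list is an assumption about what the portal groups under Cryptographic Operations.

```python
# Key permissions the portal groups under "Cryptographic Operations" (assumed list).
CRYPTO_OPS = {"decrypt", "encrypt", "unwrapkey", "wrapkey", "verify", "sign"}


def audit_vault(vault, principal_object_id, vnet_name):
    """Return a list of findings; an empty list means the vault matches the steps."""
    findings = []
    props = vault.get("properties") or {}

    # Step 4: Premium pricing tier.
    if ((props.get("sku") or {}).get("name") or "").lower() != "premium":
        findings.append("pricing tier is not Premium")

    # Steps 5-12: access policy for the App Registration's service principal.
    granted = set()
    for policy in props.get("accessPolicies") or []:
        if (policy.get("objectId") or "").lower() == principal_object_id.lower():
            keys = (policy.get("permissions") or {}).get("keys") or []
            granted |= {k.lower() for k in keys}
    missing = CRYPTO_OPS - granted
    if missing:
        findings.append("missing key permissions: " + ", ".join(sorted(missing)))

    # Steps 13-17: access limited to selected networks, including the EJBCA VNet.
    acls = props.get("networkAcls") or {}
    if (acls.get("defaultAction") or "Allow").lower() != "deny":
        findings.append("vault is reachable from all networks")
    marker = "/virtualnetworks/" + vnet_name.lower() + "/subnets/"
    rules = acls.get("virtualNetworkRules") or []
    if not any(marker in (r.get("id") or "").lower() for r in rules):
        findings.append("no subnet of " + vnet_name + " is allowed")
    return findings


# Constructed sample, trimmed to the fields the audit reads; unwrapKey is left out on purpose.
PRINCIPAL = "00000000-0000-0000-0000-000000000001"  # placeholder object ID
SAMPLE = {"properties": {
    "sku": {"family": "A", "name": "premium"},
    "accessPolicies": [{"objectId": PRINCIPAL, "permissions": {"keys": [
        "get", "list", "sign", "verify", "encrypt", "decrypt", "wrapKey"]}}],
    "networkAcls": {"defaultAction": "Deny", "virtualNetworkRules": [{"id":
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
        "/providers/Microsoft.Network/virtualNetworks/EJBCA_With_KeyVault-vnet/subnets/default"}]},
}}

if __name__ == "__main__":
    for finding in audit_vault(SAMPLE, PRINCIPAL, "EJBCA_With_KeyVault-vnet") or ["OK"]:
        print(finding)
```

To audit a real vault, pass the parsed output of az keyvault show --name EJBCARootKeyVault together with the object ID of the ejbca-vault service principal.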