The following shows how to create the Azure Key Vault.

  1. Search for Key Vault in the Azure portal and then select Key vaults in the results.
  2. Click Add. 
  3. In the Create key vault section, enter the name for the Key Vault. In this example, create a SignServer Crypto Token vault for SignServer and use the name SignServerKeyVault. Note the name down since it will be required in SignServer when creating a Crypto Token.
  4. Specify the same Resource Group that the SignServer Instance uses.
  5. Under Pricing tier, there are two options, Standard and Premium. It is recommended to choose Premium and then click Select.
  6. Click Next to create an Access Policy from the Create Key Vault dialog, and then click Add Access Policy.
  7. Select Key Management from the Configure from template list.
  8. Select Key Permissions.
  9. Select all of the permissions under Cryptographic Operations.
  10. Click Select Principal.
  11. Search for the App Registration added in the previous section Creating an App Registration in Active Directory. In this example, select the name "signserver-vault" and click Select.
  12. Click Add on the Add access policy screen.
  13. Click OK on the Access policies screen.
  14. Click Next to configure Networking the Virtual Network Access section.
  15. Select Public endpoint.
  16. Click Add existing virtual networks.
  17. From the Add networks list, select the virtual network in the resource group that SignServer Cloud was deployed into. In this example, SignServer_With_KeyVault.
  18. Click Select All under Subnets.  Click Enable and wait for Azure to enable the service endpoint.
  19. Once completed, click Add.
  20. Click Next to assign any Tags if desired.
  21. Click Next to Review the configuration.
     
  22. Click Create and wait for the deployment to complete.
  23. Once the deployment completes, proceed to the next section to view Keys in Key Vault.