Adding an Azure Key Vault Server

You can add or modify an Azure Key Vault server, with or without an access node, from the Command Center.

Before You Begin

  • If you plan to use the IAM AD APP authentication type, you must register an application with Microsoft Entra ID and note the Tenant ID (directory ID), Application ID, and Application Secret.

  • If you plan to use the IAM VM Role (Managed Identity) authentication type, you must enable managed identity for the access node VM in the Azure portal.

  • Set the key vault to use the Azure role-based access control permission model under Access configuration in the Azure portal.

  • Assign the Key Vault Administrator role to the App or Managed Identity on the key vault. Alternatively, you can create a custom role with the following permissions and use that role.

    • Read Key Properties and Public Key

    • Update Key

    • Create Key

    • Delete Key

    • Wrap with Key

    • Unwrap with Key
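
The custom role described above, written as an Azure role definition. This is an added example and not part of the product documentation: the role name, description, and the `<subscription-id>` and `<resource-group>` placeholders are assumptions, and each entry under `DataActions` is the Azure data action that corresponds to one of the six permissions listed above, in the same order.

```json
{
  "Name": "Key Vault Backup Key Operator (example)",
  "IsCustom": true,
  "Description": "Constructed example: grants only the six key permissions listed in Before You Begin.",
  "Actions": [],
  "NotActions": [],
  "DataActions": [
    "Microsoft.KeyVault/vaults/keys/read",
    "Microsoft.KeyVault/vaults/keys/update/action",
    "Microsoft.KeyVault/vaults/keys/create/action",
    "Microsoft.KeyVault/vaults/keys/delete",
    "Microsoft.KeyVault/vaults/keys/wrap/action",
    "Microsoft.KeyVault/vaults/keys/unwrap/action"
  ],
  "NotDataActions": [],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>/resourceGroups/<resource-group>"
  ]
}
```

Save the definition to a file and create the role with `az role definition create --role-definition <file>`, then assign it to the App or Managed Identity with the key vault itself as the scope. Unlike Key Vault Administrator, this role carries no permissions on secrets or certificates.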

Procedure

  1. From the navigation pane, go to Manage > Security.

    The Security page appears.

  2. Click the Key management servers tile.

    The Key management servers page appears.

  3. Click Add at the top right, and then select Azure Key Vault.

    The Add Azure Key Vault dialog box appears.

  4. In the Name box, enter the name of the key provider.

  5. From the Encryption Type list, select the encryption type.

  6. From the Encryption key length list, select the key length to use.

  7. In the Key vault name box, enter the name of the Azure Key Vault.

  8. From the Authentication Type list, select an authentication type: IAM AD Application (Microsoft Entra) or IAM VM Role (Managed Identity).

  9. If you selected the IAM AD APP authentication type, enter the following information:

    • Tenant ID: Enter the tenant ID for the Azure account.

    • Application ID: Enter the application ID for the tenant.

    • Application Secret: Enter the application secret for the tenant.

    • Environment: Select the Azure cloud environment to use.

    • Authentication endpoint: Enter the endpoint for authentication.

    • Key vault endpoint: Enter the endpoint to connect with Azure key vault.

  10. To use the Access Node, complete the following steps:

    1. Move the Use Access Node toggle key to the right, and then click Add.

      The Access node dialog box appears.

    2. From the Access Node list, select the Backup Gateway that you want to use as an access node.

    3. From the Authentication Type list, select an authentication type, and provide any additional information requested.

    4. Click Submit.

  11. Click Submit.
