You can use the CVConfigureAzureAppForKeyVault tool that is available in the Commvault Store to create a new service principal for an Azure Key Vault Key Management Server (KMS).
Before You Begin
-
Review the prerequisites to use the tool.
-
Download the CVConfigureAzureAppForKeyVault tool from the Commvault Cloud Store.
Procedure
-
Execute the following command:
CVConfigureAzureAppForKeyVault.ps1 -SubscriptionId -KeyVaultNameWhere,
-
SubscriptionId is the subscription ID of Azure account.
-
KeyVaultName is the name of the Azure Key Vault server.
-
Results
The following are the sequence of steps that happen after script execution:
-
Creates a service principal in the Azure Active Directory (AD).
-
Assigns Key Vault Administrator role on Azure Key Vault.
-
Sets access policy on Key Vault with the following permissions to the keys - unwrapKey, get, create, update and delete.
-
Prints the following information in the output - TenantId, ApplicationId, Certificate file path, thumbprint and password. Note this information.
What to Do Next
-
Copy the certificate to CommServe computer and note down the certificate file path on the CommServe.
-
Add the Azure Key Vault Key Management Server (KMS) or replace the certificate on an existing KMS.
Note
If the CommServe is on Service Pack 20 and an earlier version of Commvault, you can use thumbprint marked with 11.20 or below.