The Commvault Cloud software needs a service principal in the Azure Active Directory to connect to Azure Key Vault Key Management Server (KMS). You can use the CVConfigureAzureAppForKeyVault tool to create a service principal in the Azure Active Directory and set appropriate roles to access the KMS. Using the tool, you can also renew credentials for an existing service principal.
Prerequisites to Run the Tool
-
Run the tool on any computer that has PowerShell.
-
Windows PowerShell 5.1 or later (7.x is recommended)
-
Azure Az PowerShell 7.x.x or later (Script automatically installs Az module if not present)
-
-
The computer must have .net framework 4.7.2 or later.
-
Ensure that the PowerShell execution policy is set to unrestricted to run the scripts. Run the following command to set the execution policy to unrestricted.
set-ExecutionPolicy -ExecutionPolicy Unrestricted -
The Azure user who runs the tool must have the following roles on the key vault - Contributor and User Access Administrator.