You can use the CVConfigureAzureAppForKeyVault tool that is available in the Commvault Store to update the service principal for an Azure Key Vault Key Management Server (KMS).
Before You Begin
-
Review the prerequisites to use the tool.
-
Download the CVConfigureAzureAppForKeyVault tool from the Commvault Store.
Procedure
-
Execute the following command:
CVConfigureAzureAppForKeyVault.ps1 -SubscriptionId -KeyVaultName -ApplicationIdWhere,
-
SubscriptionId is the subscription ID of Azure account.
-
KeyVaultName is the name of the Azure Key Vault.
-
ApplicationId is the ID of the Azure Key Vault application.
-
Results
The following are the sequence of steps that happen after script execution:
-
Creates a service principal in the Azure Active Directory (AD).
-
Assigns Key Vault Administrator role on Azure Key Vault.
-
Sets access policy on Key Vault with the following permissions to the keys - unwrapKey, get, create, update and delete.
-
Prints the following information in the output - TenantId, ApplicationId, Certificate file path, thumbprint and password. Note this information.
What to Do Next
-
Copy the certificate to CommServe computer and note down the certificate file path on the CommServe.
-
Update the new certificate file path and the certificate thumbprint.
Note
If the CommServe is on Service Pack 20 and an earlier version of Commvault, you can use thumbprint marked with 11.20 or below.