Accessing VDS credentials in Azure Key Vault

Contributors: tvanroo

Overview

CWASetup 5.4 is a departure from previous Azure deployment methods. The configuration and validation process is streamlined to reduce the amount of information required to begin a deployment. Many of those removed prompts are for credentials or accounts such as Local VM Admin, SMTP account, Tech account, SQL SA, etc. These accounts are now automatically generated and stored in an Azure Key Vault. By default, accessing these automatically generated accounts requires an additional step, described below.

  • Find the ‘Key vault’ resource and click into it:

  • Under ‘Settings’, click ‘Secrets’. You’ll see a message stating that you are unauthorized to view:

  • Add an ‘Access Policy’ to grant an Azure AD account (like a Global Admin or System Administrator) access to these sensitive keys:

  • A Global Admin is used in this example. After selecting the principal, click ‘Select’, then ‘Add’:

  • Click ‘Save’:

  • The access policy has been successfully added:

  • Revisit ‘Secrets’ to verify that the account now has access to the deployment accounts:

  • For example, if you require the Domain Administrator credential to log in to CWMGR1 and update Group Policy, check the strings under cjDomainAdministratorName and cjDomainAdministratorPassword by clicking on each entry:

  • Show or Copy the value:
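
The same procedure from the Azure CLI, as an added example that is not part of the original page or NetApp's tooling. It assumes `az login` has already been run, that the vault uses the access-policy permission model shown above, and that the vault name and user principal name are supplied by the caller. It grants only the `get` and `list` secret permissions and includes a step to remove the policy afterwards, which the page does not describe.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of the portal steps above.
# $1 is always the Key Vault name; $2 is a user principal name or a secret name.

# Grant one Azure AD user read-only access to secrets (get + list, nothing else).
grant_secret_read() {
  _rbac=$(az keyvault show --name "$1" \
            --query properties.enableRbacAuthorization -o tsv) || return 1
  if [ "$_rbac" = "true" ]; then
    # Access policies are ignored on vaults that use Azure RBAC.
    echo "vault $1 uses Azure RBAC; assign a role instead of a policy" >&2
    return 2
  fi
  az keyvault set-policy --name "$1" --upn "$2" \
    --secret-permissions get list -o none
}

# List the secret names stored in the vault (the 'Secrets' view in the portal).
list_vds_secrets() {
  az keyvault secret list --vault-name "$1" --query '[].name' -o tsv
}

# Print one secret value, for example cjDomainAdministratorName.
read_vds_secret() {
  az keyvault secret show --vault-name "$1" --name "$2" --query value -o tsv
}

# Remove the user's access policy once the credential is no longer needed.
revoke_secret_read() {
  az keyvault delete-policy --name "$1" --upn "$2" -o none
}

# Usage (placeholders, not values from the page):
#   grant_secret_read  <vault-name> <admin-upn>
#   list_vds_secrets   <vault-name>
#   read_vds_secret    <vault-name> cjDomainAdministratorPassword
#   revoke_secret_read <vault-name> <admin-upn>
```

`read_vds_secret` writes the value to standard output, so run it in a session that is not being recorded, and avoid redirecting it to a file.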