Reputation: 273
I need help to define a policy for an Azure KeyVault Key (not secret), similar to the code below. Since we already have the keyvault created, I can't use the code below.
What we are doing: we are creating a Key and attaching its URL to SQL PaaS for TDE (SQL Server TDE with Azure KeyVault).
Below is an example of creating a vault and setting up a policy:
// Creates a new vault and grants the SQL server's system-assigned identity
// only the key permissions TDE needs; a separate service principal gets
// full key permissions for administration.
var vault = azure.Vaults.Define(vaultName)
    .WithRegion(Region.USSouthCentral)
    .WithExistingResourceGroup(rgName)
    .DefineAccessPolicy()
        .ForObjectId(sqlServer.SystemAssignedManagedServiceIdentityPrincipalId)
        .AllowKeyPermissions(KeyPermissions.WrapKey, KeyPermissions.UnwrapKey, KeyPermissions.Get, KeyPermissions.List)
        .Attach()
    .DefineAccessPolicy()
        .ForServicePrincipal(Azure_SP_ClientId)
        .AllowKeyAllPermissions()
        .Attach()
    .Create();
Upvotes: 0
Views: 120
Reputation: 23141
According to my test, if you want to define a new policy for an existing key vault and manage a SQL key in Key Vault, please refer to the following code:
// Look up the existing vault by resource group and name instead of creating it.
var vault1 = azure.Vaults.GetByResourceGroup(rgName, vaultName);

// Add the access policy through Update()/Apply() on the existing vault.
vault1 = vault1.Update()
    .DefineAccessPolicy()
        .ForServicePrincipal("your application id")
        .AllowKeyAllPermissions()
        .Attach()
    .Apply();

// Create the RSA key in the vault.
var key = vault1.Keys.Define(keyname)
    .WithKeyTypeToCreate(JsonWebKeyType.RSA)
    .WithKeyOperations(JsonWebKeyOperation.ALL_OPERATIONS)
    .Create();

// Register the key's versioned id (kid) as a server key on the SQL server.
var sql = azure.SqlServers.GetByResourceGroup(groupName, name);
var sqlServerKey = sql.ServerKeys.Define()
    .WithAzureKeyVaultKey(key.JsonWebKey.Kid)
    .Create();
Upvotes: 1
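Putting the question's least-privilege policy together with the answer's update-existing-vault flow, as an added example that is not part of either post: it grants only the four key permissions TDE needs to the SQL server's system-assigned identity, creates the key, and registers it as a server key. The method name, the parameter names and the guard on the identity are my assumptions; the SDK calls follow the types used on this page.

```csharp
using System;
using Microsoft.Azure.KeyVault.WebKey;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.KeyVault.Fluent.Models;
using Microsoft.Azure.Management.Sql.Fluent;

public static class TdeKeySetup
{
    // Hypothetical helper: grant an existing vault's key permissions to the
    // SQL server's managed identity, create an RSA key, and attach it to the server.
    public static ISqlServerKey AttachTdeKey(IAzure azure, string rgName,
        string vaultName, string sqlServerName, string keyName)
    {
        var sqlServer = azure.SqlServers.GetByResourceGroup(rgName, sqlServerName);
        var principalId = sqlServer.SystemAssignedManagedServiceIdentityPrincipalId;
        if (string.IsNullOrEmpty(principalId))
            throw new InvalidOperationException(
                "SQL server has no system-assigned identity; enable it before granting vault access.");

        // Existing vault: Update()/Apply() instead of Define()/Create().
        // The server identity gets only Get, List, WrapKey and UnwrapKey,
        // not AllowKeyAllPermissions(); any admin principal is a separate policy.
        var vault = azure.Vaults.GetByResourceGroup(rgName, vaultName)
            .Update()
            .DefineAccessPolicy()
                .ForObjectId(principalId)
                .AllowKeyPermissions(KeyPermissions.Get, KeyPermissions.List,
                                     KeyPermissions.WrapKey, KeyPermissions.UnwrapKey)
                .Attach()
            .Apply();

        // RSA key that will wrap the database encryption keys (assumed 2048-bit).
        var key = vault.Keys.Define(keyName)
            .WithKeyTypeToCreate(JsonWebKeyType.RSA)
            .WithKeySize(2048)
            .WithKeyOperations(JsonWebKeyOperation.ALL_OPERATIONS) // as used on this page
            .Create();

        // Register the versioned key id; the server resolves it through the policy above.
        return sqlServer.ServerKeys.Define()
            .WithAzureKeyVaultKey(key.JsonWebKey.Kid)
            .Create();
    }
}
```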