user2463514

Reputation: 273

Define Policy on Azure KeyVault Key using KeyVaultClient

I need help to define a policy on an Azure KeyVault Key (not a secret), similar to the code below. Since we already have the key vault created, I can't use the code below.

What we are doing: we are creating a Key and attaching its URL to SQL PaaS for TDE (SQL Server TDE with Azure KeyVault).

Below is an example of creating a vault and setting up a policy:

var vault = azure.Vaults.Define(vaultName)
    .WithRegion(Region.USSouthCentral)
    .WithExistingResourceGroup(rgName)
    .DefineAccessPolicy()
        .ForObjectId(sqlServer.SystemAssignedManagedServiceIdentityPrincipalId)
        .AllowKeyPermissions(KeyPermissions.WrapKey, KeyPermissions.UnwrapKey, KeyPermissions.Get, KeyPermissions.List)
        .Attach()
    .DefineAccessPolicy()
        .ForServicePrincipal(Azure_SP_ClientId)
        .AllowKeyAllPermissions()
        .Attach()
    .Create();

Upvotes: 0

Views: 120

Answers (1)

Jim Xu

Reputation: 23141

According to my test, if you want to define a new policy for an existing key vault and manage a SQL key in Key Vault, please refer to the following code:

using Microsoft.Azure.KeyVault.WebKey;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.KeyVault.Fluent;
using Microsoft.Azure.Management.Sql.Fluent;

// Look up the existing vault by resource group and vault name
var vault1 = azure.Vaults.GetByResourceGroup("your resource group", "your vault name");

// Add a new access policy to the existing vault and apply the update
// (re-assign rather than re-declare vault1 so the code compiles)
vault1 = vault1.Update()
    .DefineAccessPolicy()
        .ForServicePrincipal("your application id")
        .AllowKeyAllPermissions()
        .Attach()
    .Apply();

// Create an RSA key in the vault (.NET member names are Rsa / AllOperations)
var key = vault1.Keys.Define(keyname)
    .WithKeyTypeToCreate(JsonWebKeyType.Rsa)
    .WithKeyOperations(JsonWebKeyOperation.AllOperations)
    .Create();

// Register the Key Vault key on the SQL server using the key's URI (Kid)
var sql = azure.SqlServers.GetByResourceGroup(groupName, name);
var sqlServerKey = sql.ServerKeys.Define()
    .WithAzureKeyVaultKey(key.JsonWebKey.Kid)
    .Create();

Upvotes: 1
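The answer grants the service principal every key permission. For the TDE scenario in the question, the principal that actually needs access to the key is the SQL server's system-assigned managed identity, and it only needs get, list, wrapKey and unwrapKey. The following is an added example (not code from the question or the answer) that applies that narrower policy to an existing vault with Update() and restricts the key itself to wrap/unwrap operations. It assumes the Azure Fluent SDK used on this page, that `azure`, `rgName`, `vaultName`, `sqlServerName` and `keyName` are defined by the caller, that `Update().WithSystemAssignedManagedServiceIdentity()` is available on the SQL server object, and that `WithKeyOperations` accepts individual operation names as parameters.

```csharp
using System;
using Microsoft.Azure.KeyVault.WebKey;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.KeyVault.Fluent;
using Microsoft.Azure.Management.KeyVault.Fluent.Models;
using Microsoft.Azure.Management.Sql.Fluent;

public static class TdeKeyVaultSetup
{
    // azure, rgName, vaultName, sqlServerName and keyName are assumed to be
    // supplied by the caller (hypothetical names, not from the original post).
    public static ISqlServerKey AttachTdeKey(IAzure azure, string rgName,
        string vaultName, string sqlServerName, string keyName)
    {
        var sqlServer = azure.SqlServers.GetByResourceGroup(rgName, sqlServerName);

        // The server must have a system-assigned identity before it can be
        // granted vault access; enable it if the principal id is still empty.
        // (Assumed API: Update().WithSystemAssignedManagedServiceIdentity().)
        if (string.IsNullOrEmpty(sqlServer.SystemAssignedManagedServiceIdentityPrincipalId))
        {
            sqlServer = sqlServer.Update()
                .WithSystemAssignedManagedServiceIdentity()
                .Apply();
        }
        var sqlPrincipalId = sqlServer.SystemAssignedManagedServiceIdentityPrincipalId;

        // Update the EXISTING vault: grant the SQL server identity only what
        // TDE needs, instead of AllowKeyAllPermissions().
        var vault = azure.Vaults.GetByResourceGroup(rgName, vaultName);
        vault = vault.Update()
            .DefineAccessPolicy()
                .ForObjectId(sqlPrincipalId)
                .AllowKeyPermissions(KeyPermissions.Get, KeyPermissions.List,
                                     KeyPermissions.WrapKey, KeyPermissions.UnwrapKey)
                .Attach()
            .Apply();

        // Create the RSA key and limit its permitted operations to wrap/unwrap,
        // which is all a TDE protector uses (assumed params-style overload).
        var key = vault.Keys.Define(keyName)
            .WithKeyTypeToCreate(JsonWebKeyType.Rsa)
            .WithKeyOperations(JsonWebKeyOperation.Wrap, JsonWebKeyOperation.Unwrap)
            .Create();

        // Register the versioned key URI (Kid) with the SQL server, as in the answer.
        return sqlServer.ServerKeys.Define()
            .WithAzureKeyVaultKey(key.JsonWebKey.Kid)
            .Create();
    }
}
```

Checking the policy afterwards with `az keyvault show` (or the portal) should list the SQL server's principal id with exactly get, list, wrapKey and unwrapKey; any principal that appears with all key permissions is worth reviewing, because that identity could also delete or back up the protector key.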
