How to create a key vault using the UKCloud Azure Stack Hub portal
Key Vault in Azure Stack Hub helps safeguard cryptographic keys and secrets that cloud applications and services use. By using Key Vault, you can encrypt keys and secrets.
The following process shows you how to set up a vault within Azure Stack Hub's Key Vault, store a secret in the vault, and view the secret using the Azure Stack Hub portal.
To complete the steps in this guide, you must have appropriate access to a subscription in the Azure Stack Hub portal.
Creating a new key vault
Log in to the Azure Stack Hub portal.
For more detailed instructions, see the Getting Started Guide for UKCloud for Microsoft Azure.
In the favourites panel, select Create a resource.
In the New blade, select Security + Identity.
In the Security + Identity blade, select Key Vault.
In the Create key vault blade, enter the following information:
Subscription - This is your UKCloud for Microsoft Azure subscription.
Resource group - Select an existing resource group, or create a new one by clicking the Create new link and then typing a name for your new resource group in the pop-out window.
Key vault name - The name of the key vault.
Region - This will be frn00006, which is the Azure Stack Hub region.
Pricing tier - Azure Stack Hub only offers the Standard pricing tier.
Access policy tab
Enable Access to: - Select the check boxes to specify whether certain Azure services are allowed access to the key vault.
Current Access Policies - Select +Add access policy to configure the permissions that a user, group or service principal has to the key vault.
Click Review + create.
On the Review + create tab, review the selections you've made and then click Create to start the deployment.
You can monitor the progress of your key vault's deployment by clicking the Notifications icon.
Adding a secret to the key vault
Once the key vault has been deployed, navigate to it by clicking All services in the favourites panel, then selecting Key Vaults under the Security section.
Select your key vault from the list.
In the Settings section of the key vault blade, select Secrets.
On the Secrets page, click the + Generate/Import button.
In the Create a secret blade, enter the following information:
Upload Options - Manually enter a secret or upload an X.509 certificate.
Name - The name of the secret. Secret names can only contain alphanumeric characters and dashes.
Value - The value you are storing as a secret.
Content Type - The type of content contained in the secret (for example, Password). There are no pre-defined values for this field.
Activation Date - Specifies when the secret will become active.
Expiration Date - Specifies when the secret will become inactive.
Enabled - Indicates whether or not the secret data can be retrieved.
Viewing the secret
Once you've created the secret, select it on the Secrets page.
On the secret's blade, select the current version.
On the current version's blade, click the Show secret value button.
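The same three stages (create the vault, add a secret, read it back) can also be scripted. The following is an added example, not part of the original UKCloud guide: it assumes the Az PowerShell modules are installed and that you have already signed in to the Azure Stack Hub environment with Connect-AzAccount. The resource group, vault, secret and user names are constructed placeholders.

```powershell
# Added example. Assumes the Az PowerShell modules and an existing session
# (Connect-AzAccount) against the Azure Stack Hub environment.
# All names and values below are constructed placeholders.
$resourceGroup = 'rg-keyvault-demo'
$vaultName     = 'kv-demo-001'
$location      = 'frn00006'               # region named in this guide
$operatorUpn   = 'operator@example.com'   # placeholder identity

# Resource group and vault. No SKU is passed: Standard is the default
# and the only pricing tier Azure Stack Hub offers.
New-AzResourceGroup -Name $resourceGroup -Location $location -Force | Out-Null
New-AzKeyVault -Name $vaultName -ResourceGroupName $resourceGroup `
    -Location $location | Out-Null

# Access policy: grant only the secret permissions this walkthrough needs,
# rather than every key, secret and certificate permission.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -UserPrincipalName $operatorUpn `
    -PermissionsToSecrets get, list, set

# Check the secret name against the rule stated in the guide
# (alphanumeric characters and dashes only) before calling the service.
$secretName = 'sql-admin-password'
if ($secretName -notmatch '^[0-9A-Za-z-]+$') {
    throw "Secret name '$secretName' may only contain alphanumeric characters and dashes."
}

# Prompt for the value so it never appears in the script or in shell history.
$secretValue = Read-Host -Prompt 'Secret value' -AsSecureString

# Activation and expiration dates. The secret is created enabled
# unless -Disable is passed.
$notBefore = (Get-Date).ToUniversalTime()
$expires   = $notBefore.AddDays(90)
Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName `
    -SecretValue $secretValue -ContentType 'Password' `
    -NotBefore $notBefore -Expires $expires | Out-Null

# Read back the current version and confirm its attributes.
# The value stays in $secret.SecretValue as a SecureString and is not printed.
$secret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName
$secret | Select-Object Name, Version, Enabled, NotBefore, Expires, ContentType
```

The final command lists the same attributes the portal shows on the secret's blade (enabled state, activation date, expiration date and content type), so you can confirm them without displaying the secret value.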