Configure Secrets for the MS Online Microservice

After you have published the MS Online microservice to Azure, you need to create a Key Vault in Azure (if needed), add secrets to the Key Vault, and configure the App Service Application settings with those secrets.

How to configure secrets for the MS Online microservice

  1. In Azure, create a Key Vault if you do not already have one or want to create a new one.

  2. Navigate to the Key Vault blade for the appropriate Key Vault.

  3. On the navbar for the Key Vault, under Settings, click Access Policies.

  4. Click + Add Access Policy.

     

  5. Click the Key Permissions drop-down and select the Get, Decrypt, Unwrap Key, and Verify operations.



  6. Click the Secret permissions drop-down and select the Get operation.



  7. Under Select principal, click None Selected.

     

  8. Search for and select the Managed Identity for the MS Online App Service.

     

  9. Click Select to select the principal.

  10. On the Add access policy blade, click Add.



  11. Click Save.

     

  12. On the navbar for the Key Vault, under Settings, click Secrets.

  13. On the Secrets blade, click Generate/Import.

     

  14. On the Create a secret page, do the following to create the first secret:

    1. Name — Enter EIDMSOLAdminUser.

    2. Value — Enter a value for the secret, such as admin@eiddco.onmicrosoft.com.

    3. Click Create.

       

  15. Back on the Secrets blade, click Generate/Import again.

  16. On the Create a secret blade, do the following to create the second secret:

    1. Name — Enter EIDMSOLUserPassword.

    2. Value — Enter a password for the secret.

    3. Click Create.

  17. Back on the Secrets blade, click the record for the first secret you created.

  18. Click the Current Version to go to the Properties blade for the secret.

     

  19. On the Properties blade, copy the Secret Identifier. You will use this value later.

     

  20. Return to the Secrets page and repeat steps 16, 17, 18 and 18 for the second secret.

  21. Navigate to the MS Online App Service you created earlier.

  22. On the navbar for the App Service, under Settings, click Configuration.

  23. Under Application settings, click New application setting.



  24. In the Add/Edit application setting pane, do the following:

    1. Name — Enter the name you gave to the first secret.

    2. Value — Enter @Microsoft.KeyVault(SecretUri={The_Secret_Identifier_For_The_First_Secret}), replacing {The_Secret_Identifier_For_The_First_Secret} with the actual Secret Identifier for the secret.

    3. Click OK.

       

  25. Back in the Application settings tab of the Configuration blade, click New application setting.

  26. In the Add/Edit application setting pane, do the following:

    1. Name — Enter the name you gave to the second secret.

    2. Value — Enter @Microsoft.KeyVault(SecretUri={The_Secret_Identifier_For_The_Second_Secret}), replacing {The_Secret_Identifier_For_The_Second_Secret} with the actual Secret Identifier for the secret.

    3. Click OK.

  27. Click Save on the Configuration blade.

     

  28. Click Continue to confirm that you want to save changes.
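
A check for the result of steps 24 to 26, added here as an example and not part of the original guide or the product: it verifies that both application settings hold a well-formed Key Vault reference to the secret of the same name, rather than a plaintext value or an unreplaced placeholder. The settings dictionary, the vault name `example-kv`, the version id and the public-cloud `.vault.azure.net` suffix are assumptions.

```python
import re
from urllib.parse import urlparse

EXPECTED_SETTINGS = ("EIDMSOLAdminUser", "EIDMSOLUserPassword")  # names from steps 14 and 16
REFERENCE = re.compile(r"^@Microsoft\.KeyVault\(SecretUri=(?P<uri>[^)]*)\)$")
# Assumption: Azure public cloud; sovereign clouds use other vault DNS suffixes.
VAULT_SUFFIX = ".vault.azure.net"


def check_setting(name, value):
    """Return a list of problems for one application setting (empty if fine)."""
    match = REFERENCE.match(value.strip())
    if not match:
        return [f"{name}: value is not a Key Vault reference (plaintext in app settings?)"]
    uri = match.group("uri")
    if "{" in uri or "}" in uri:
        return [f"{name}: placeholder braces were not replaced with the Secret Identifier"]
    parsed = urlparse(uri)
    parts = [p for p in parsed.path.split("/") if p]
    problems = []
    if parsed.scheme != "https" or not (parsed.hostname or "").endswith(VAULT_SUFFIX):
        problems.append(f"{name}: SecretUri is not an https Key Vault address")
    if len(parts) < 2 or parts[0] != "secrets":
        problems.append(f"{name}: SecretUri path is not /secrets/<name>[/<version>]")
    elif parts[1] != name:
        problems.append(f"{name}: reference points at secret '{parts[1]}'")
    return problems


def audit(app_settings):
    """Check that both settings from this page exist and reference the vault."""
    problems = []
    for name in EXPECTED_SETTINGS:
        if name not in app_settings:
            problems.append(f"{name}: application setting is missing")
        else:
            problems.extend(check_setting(name, app_settings[name]))
    return problems


# Constructed sample: vault name and version id are made up for illustration.
SAMPLE = {
    "EIDMSOLAdminUser": "@Microsoft.KeyVault(SecretUri=https://example-kv.vault.azure.net/"
                        "secrets/EIDMSOLAdminUser/0123456789abcdef0123456789abcdef)",
    "EIDMSOLUserPassword": "@Microsoft.KeyVault(SecretUri={The_Secret_Identifier_For_The_Second_Secret})",
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all settings reference Key Vault")
```

Pass `audit` a name-to-value mapping of the App Service application settings; an empty list means both settings resolve through Key Vault as configured above.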