Create a key vault

Owned by
Phillip Hanegan
Last updated: Jan 20, 2022
2 min read

The SharePoint Online microservice requires a key vault with a certificate for certificate-based authentication between the microservice and the service principal registered for it. Additionally, the key vault needs to be configured with an access policy that grants key, secret, and certificate permissions to assigned applications. These permissions will be granted to the SharePoint Online app service hosting the microservice.

Create the key vault and certificate

  1. In Azure, create a key vault.

  2. Navigate to the Certificate page for the key vault and generate a self-signed certificate for it.

     

  3. Download the certificate in CER format. You will add this to the service principal you created with the Graph and SharePoint API permissions.

     

Add access policy to the key vault

  1. Navigate to the Access policies blade for the key vault and add an access policy to it with the below Key, Secret and Certificate permissions.

    • Key Permissions

      • Get

      • Decrypt

      • Unwrap Key

      • Verify

    • Secret Permissions

      • Get

      • List

      • Set

      • Delete

      • Purge

    • Certificate Permissions

      • Get

  2. Select the SharePoint Online app service you created earlier as the service principal.

     

Upload the certificate to the service principal

  1. Navigate to the Certificates & Secrets blade for the service principal you created with the Graph and SharePoint API permissions.

  2. Upload the certificate you downloaded from the key vault.

Next steps

Provision a Cosmos DB Account for SharePoint Online

Add application settings to the app service

Publish the SharePoint Online Microservice

IN THIS ARTICLE

Â