Create a key vault
The SharePoint Online microservice requires a key vault with a certificate for certificate-based authentication between the microservice and the service principal registered for it. Additionally, the key vault needs to be configured with an access policy that grants key, secret, and certificate permissions to assigned applications. These permissions will be granted to the SharePoint Online app service hosting the microservice.
Create the key vault and certificate
In Azure, create a key vault.
Navigate to the Certificate page for the key vault and generate a self-signed certificate for it.
Â
Download the certificate in CER format. You will add this to the service principal you created with the Graph and SharePoint API permissions.
Â
Add access policy to the key vault
Navigate to the Access policies blade for the key vault and add an access policy to it with the below Key, Secret and Certificate permissions.
Key Permissions
Get
Decrypt
Unwrap Key
Verify
Secret Permissions
Get
List
Set
Delete
Purge
Certificate Permissions
Get
Select the SharePoint Online app service you created earlier as the service principal.
Â
Upload the certificate to the service principal
Navigate to the Certificates & Secrets blade for the service principal you created with the Graph and SharePoint API permissions.
Upload the certificate you downloaded from the key vault.
Next steps
Provision a Cosmos DB Account for SharePoint Online
IN THIS ARTICLE
Â