To be used as an Orchestrator credential store, Azure Key Vault must be enabled in web.config and then configured by the Host administrator.

Prerequisites

• The Key Vault plugin is set in your Orchestrator web.config file as described here.
• Create the Key Vault to be used with Orchestrator in your Azure account. See Microsoft's official documentation here for details.

Configuration

In the App Registrations pane of the Azure Portal, follow these steps:

1. Create a new app registration.
2. Copy the Application (Client) ID for later use.
3. Go to Manage > Certificates & Secrets > New client secret, and add a new client secret. Make a note of the expiration you chose and create a new secret before that.
4. Copy the Value of the secret for later use.

In the Azure Key Vault, follow these steps:

1. Access the Key Vault's Overview page, and copy the Vault URI and Directory ID for later use.
2. Select Settings > Access Policies from the menu on the left.
3. Click Add access policy.
4. From the Configure from template (optional) drop-down menu, select Secret Management.
5. Click None selected in the Authorized application section to enable the Select principal field.
6. Enter the app registration name, confirm that the Application ID is correct, and select this principal.
7. Click Add.
8. Click Save.

You are now ready to use Vault URI, Directory ID, Application (Client) ID and the secret's Value to configure a new credential store.