Follow the steps below to create Azure Key Vault credentials with the Azure web console.

Registering an Azure AD Application

Register an Azure AD (Active Directory) application as explained below.

To register an Azure AD application

1. Log in to the Azure Portal at https://portal.azure.com
2. Navigate to Azure Active Directory → App registrations
3. Click New registration
4. Enter a name – for example: "KeyVault-Discovery-Plugin".
5. Select Accounts in this organizational directory only for supported account types.
6. Click Register
7. On the application overview page, note the Application (client) ID and Directory (tenant) ID.

Creating a client secret

Create a client secret as explained below.

To create a client secret

1. In your registered application, navigate to Certificates & secrets
2. Click New client secret
3. Enter a description – for example: "Discovery Plugin Secret".
4. Select an expiration period – for example: 6 months, 12 months, 24 months, or custom.
5. Click Add.
6. Immediately copy the secret Value. 

   You won't be able to see this value again.

7. Use this value as clientSecret in the plugin configuration

Granting permissions to Key Vault

Grant permissions to your Key Vault in Azure.

To grant permissions to Key Value

1. Navigate to your Key Vault in the Azure Portal
2. Click Access policies in the left menu
3. Click Create (or + Add Access Policy on older portal versions)
4. Select the following permissions:
   • Certificate permissions: Get, List
   • Key permissions: Get, List
   • Secret permissions: Get, List
5. Click Next and search for your application name
6. Select your application and click Next
7. Review and click Create to save the access policy