Adding a CSP Account for Azure
You must have created a service account in Azure before you can add a CSP account. For more information, see Configuring Azure for KeyControl BYOK.
- Log into the KeyControl Vault for Cloud Keys webGUI using an account with Cloud Admin privileges.
- In the top menu bar, click CloudKeys.
- Click the CSP Accounts tab and select Actions > Add CSP Account.
- On the Details tab of the Add CSP dialog box, enter the account details.

| Field | Description |
| --- | --- |
| Name | The name you want to use for the CSP Account. |
| Description | An optional description of the CSP Account. |
| Admin Group | Select the Admin Group that you want to use for the account. |
| Type | Select AZURE. |
| Azure AD Tenant ID | Enter the Azure account tenant ID. You can find this in Azure under Azure > Azure Active Directory. |
| Subscription ID | The Azure subscription ID. You can find this in Azure under Azure > Subscriptions. |
| Application (client) ID | The Service Principal client ID. Click the link to update the Client ID and Client Secret. You can find this in Azure under Azure > Azure Active Directory > App Registrations > <your BYOK application>. |
| Client Secret | The Azure Service Principal secret that you created. |
| Application Object ID | The Object ID of your BYOK application. You can find this in Azure under Azure > Azure Active Directory > App Registrations > <your BYOK application>. |

- Click Continue.
- On the Schedule tab, determine the rotation schedule for the client secret. This can be one of the following:
- Never—The client secrets will never be rotated.
  Note: If you did not grant the required permissions for credential rotation to the app, you must leave this set to Never. For more information, see Creating a Service Principal.
- Every x days—The client secrets will be rotated on a daily basis. The minimum is 1 day and the maximum is 540 days.
- Every x weeks—The client secrets will be rotated on a weekly basis. The minimum is 1 week and the maximum is 72 weeks.
- Every x months—The client secrets will be rotated on a monthly basis. The minimum is 1 month and the maximum is 18 months.
- Every x years—The client secrets will be rotated on a yearly basis. The minimum is 1 year and the maximum is 1 year.
Important: When the Azure client secret is rotated, the KeyControl Vault for Cloud Keys creates a new secret and replaces the secret that was used when you registered the CSP account. Please do not delete this secret from the Azure portal.
- Click Add.