Azure Requirements for KeyControl BYOK

  • In version 5.5, KeyControl supports only the Azure public cloud; Azure China, Azure Germany, and Azure Government are not supported.
  • Only one service principal should be used per Azure account.
  • Do not share the Azure BYOK service principal credentials.
  • Do not enable Purge Protection on Key Vaults.
  • Do not connect more than one KeyControl cluster to the same Azure account.

Configuration overview:

  1. Creating a service principal.

  2. Creating a service application in the Azure Portal.

  3. Creating a client secret in Azure Active Directory.

  4. Setting permissions for the BYOK service by configuring each Azure Key Vault.

  5. Creating a CSP account in Azure.
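As an added check, not part of the original page or of KeyControl itself, the script below validates a Key Vault description of the shape returned by `az keyvault show -o json` against two of the requirements above: Purge Protection must not be enabled, and the single BYOK service principal must hold an access policy with the key permissions it needs. The sample vault JSON, the service principal object ID and the required permission set are constructed assumptions (take the real permission list from the KeyControl documentation), and the script assumes the vault uses the access-policy permission model rather than Azure RBAC.

```python
"""Offline check of an Azure Key Vault against the KeyControl BYOK requirements."""
import json

# Assumed object ID of the one BYOK service principal (constructed value).
BYOK_SP_OBJECT_ID = "00000000-0000-0000-0000-00000000abcd"
# Assumed minimal key permissions for the BYOK service principal.
REQUIRED_KEY_PERMS = {"get", "list", "create", "import", "delete"}

# Constructed sample with the same shape as `az keyvault show -o json`.
SAMPLE_VAULT_JSON = json.dumps({
    "name": "kc-byok-vault",
    "properties": {
        "enableSoftDelete": True,
        "enablePurgeProtection": True,
        "accessPolicies": [
            {"objectId": BYOK_SP_OBJECT_ID,
             "permissions": {"keys": ["get", "list", "create", "import"]}},
            {"objectId": "11111111-1111-1111-1111-111111111111",
             "permissions": {"keys": ["all"]}},
        ],
    },
})


def check_vault(vault_json: str, sp_object_id: str = BYOK_SP_OBJECT_ID,
                required: set = REQUIRED_KEY_PERMS) -> list:
    """Return a list of findings; an empty list means the vault passes."""
    props = json.loads(vault_json).get("properties", {})
    findings = []
    # Requirement: Purge Protection must not be enabled on BYOK vaults.
    if props.get("enablePurgeProtection"):
        findings.append("purge protection is enabled")
    # Requirement: the BYOK service principal needs an access policy on the vault.
    policies = [p for p in props.get("accessPolicies", [])
                if p.get("objectId", "").lower() == sp_object_id.lower()]
    if not policies:
        findings.append("no access policy for the BYOK service principal")
        return findings
    granted = {perm.lower() for p in policies
               for perm in p.get("permissions", {}).get("keys", [])}
    # "all" is the CLI shorthand for every key permission.
    missing = set() if "all" in granted else required - granted
    if missing:
        findings.append("missing key permissions: " + ", ".join(sorted(missing)))
    return findings


if __name__ == "__main__":
    for finding in check_vault(SAMPLE_VAULT_JSON) or ["vault passes"]:
        print(finding)
```

Run it against each vault that KeyControl will use; the sample above fails on both points, which is what you want the check to catch before connecting the cluster.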