# Key Vault Integration

Secure key management is essential to protecting data in the cloud. Use Azure Key Vault to encrypt keys and small secrets such as passwords, and to share them securely with the application following Zero Trust principles.

#### Create Key Vault

* Select the option ‘Create a resource’ from the Azure home page
* Search for the resource type ‘Key vault’ in Azure Marketplace and select the service ‘Key Vault by Microsoft’ from the results
* Click on ‘Create’
* In the Basics tab, select the same Subscription, Resource Group and Region as the pre-existing Inforiver deployment and give the key vault a valid name
* Under the Access policy tab, you can choose either ‘Vault access policy’ or ‘Azure RBAC’ as the permission model. This guide uses ‘Vault access policy’; make sure you have the proper rights under ‘Access policies’
* In Networking, uncheck the option ‘Enable public access’ and create a private endpoint in the ‘private’ subnet of the Inforiver VNet with the private DNS zone enabled
* Validate everything and click on Create

<figure><img src="/files/lYlfIAmjOclBNpR0EN08" alt=""><figcaption></figcaption></figure>

* Once completed, you should see 3 new resources added to the Inforiver Resource group

#### Configure Key Vault

* From the Inforiver App Service, enable ‘System assigned managed identity’ and save. Copy the created object ID; it will be used to assign permissions on the key vault to get secrets
* From Key Vault, create a new access policy
* Under the ‘Permissions’ tab, select ‘Secret Management’ as the template and choose only ‘List’ and ‘Get’ in ‘Secret permissions’
* Under the Principal tab, search using the copied object ID and select the listed principal
* Validate everything and create

<figure><img src="/files/U84AoLoLRgNpIwYEvffW" alt=""><figcaption></figcaption></figure>

* Enable public access for the key vault temporarily to create secrets
* From the App Service configuration page, copy each confidential environment variable’s name and value, then create them as secrets in Key Vault
* Key Vault secret names cannot contain special characters, so you need to remove the underscores in the name. For example: ‘SMTP\_API\_KEY’ will need to be changed into ‘SMTPAPIKEY’
* We recommend creating the secrets listed below in Key Vault

<figure><img src="/files/UG0XdfKAyhNTNUPqNxQQ" alt=""><figcaption></figcaption></figure>

#### Configure App Service

* Once you have created all the secrets (copied from the App Service), change the app configuration values to reference the Key Vault secrets instead of plain-text passwords.\
  Reference example: `@Microsoft.KeyVault(SecretUri=https://.vault.azure.net/secrets//)`

<figure><img src="/files/HrzGaxl7lF3JSQsz5Ffx" alt=""><figcaption></figcaption></figure>

* Editing App Service Environment values

<figure><img src="/files/5fHVVQsGQmC7rVUyAXEQ" alt=""><figcaption></figcaption></figure>

* Make sure that every secret is updated with its Key Vault reference, then click on Save
* Please note that clicking on ‘Continue’ here will restart the App Service
* Check that the app restart is successful and that you can log in to Inforiver
* Finally, disable ‘Public access’ in Key Vault and restart the App Service once again to validate that it can connect to the vault through the private endpoint
* In the Inforiver management portal, validate on the Metrics tab that everything works and shows green.
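
The renaming and reference steps above can be scripted so that no setting is mistyped or silently overwritten. This is an added example, not Inforiver's or Microsoft's code: it derives each secret name by this guide's underscore-stripping convention, rejects names that collide or contain characters Key Vault does not accept, and builds the reference string. The vault name `example-vault` and the setting `DB_PASSWORD` are constructed; only setting names are handled, never secret values.

```python
import re

# Key Vault secret names: 1-127 characters, letters, digits and hyphens only.
SECRET_NAME_RE = re.compile(r"[0-9A-Za-z-]{1,127}")


def secret_name(setting_name: str) -> str:
    """Apply this guide's convention: drop underscores from the setting name."""
    name = setting_name.replace("_", "")
    if not SECRET_NAME_RE.fullmatch(name):
        raise ValueError(f"{setting_name!r} -> {name!r} is not a valid secret name")
    return name


def reference(vault: str, name: str) -> str:
    """Key Vault reference with no version segment, so the latest version is used."""
    return f"@Microsoft.KeyVault(SecretUri=https://{vault}.vault.azure.net/secrets/{name}/)"


def plan(vault: str, setting_names: list[str]) -> dict[str, str]:
    """Map each app setting to its Key Vault reference, rejecting name collisions."""
    owner: dict[str, str] = {}  # case-folded secret name -> setting that claimed it
    refs: dict[str, str] = {}
    for setting in setting_names:
        name = secret_name(setting)
        key = name.lower()  # compared case-insensitively, as a conservative check
        if key in owner:
            # Two settings stripped to the same name would overwrite one secret.
            raise ValueError(f"{setting!r} and {owner[key]!r} both map to {name!r}")
        owner[key] = setting
        refs[setting] = reference(vault, name)
    return refs


if __name__ == "__main__":
    # Constructed sample input: only SMTP_API_KEY appears in the guide.
    for setting, ref in plan("example-vault", ["SMTP_API_KEY", "DB_PASSWORD"]).items():
        print(f"{setting} = {ref}")
```

A collision such as `SMTP_API_KEY` and `SMTPAPI_KEY` raises an error instead of letting the second secret replace the first in the vault.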


