Update License Secret in Azure Key Vault

Prerequisites

Azure Roles:

• You must have the Key Vault Administrator role for the key vault to add the new license key secret.

• You must have the Contributor role for the key vault to change the network settings of the key vault.

• You must have the Contributor role for the App Service to restart the App Service.

Step 1: Turn on Public Access to Key Vault (Temporary)

1. Go to the Azure Portal.

2. Navigate to your Key Vault.

3. In the left pane, select Networking in the Settings section.

1. Under Firewalls and Virtual Networks, switch from 'Disable public access' to 'Allow public access from specific virtual networks and IP addresses'.

1. Click on Add your client IP address.

1. Open a browser and search “What is my IP” to get your IP address.

1. Copy the IP address and enter it into IP address or CIDR.

1. Click Apply.

Step 2: Update the License Secret in Azure Key Vault

1. Go to the Secrets section under the Objects menu in the Key Vault.

1. Click on workspaceLicense.

1. Click + New Version.

1. Enter your license key into 'Secret value' and click Create.

Step 3: Ensure App Service Picks Up the New Secret

1. Go to the Environment Variables section in the App Service.

1. Search for “BOOTSTRAP_ON_PREMISE_WORKSPACE_LICENSE” in the search bar.

1. Click “BOOTSTRAP_ON_PREMISE_WORKSPACE_LICENSE” and then copy both the name and value and paste them in a notepad; we will need to use them later.

1. Close this window, and delete this environment variable now.

1. Click Apply.

1. Once the configurations are applied, we need to add the removed env to the app service back again. To do this, click +Add.

1. Now paste the copied values into the name and value fields and click Apply.

Step 4: Revert Key Vault to Private Access.

Go back to Key Vault’s Networking section, select Disable public access, and then click Apply.