Azure Key Vault

Short Summary: Securely store certificates in Azure Key Vault.

  • Azure App Registration: Create an App Registration in AAD.
  • Client Secret: Generate a secret for the App.
  • Access Policy: Grant the App the Key Vault Secrets Officer role or Certificate Import permissions on the Vault.
  1. Navigate: Admin > Cert Stores > Add New.
  2. Select Provider: Azure Key Vault.
  3. Vault URL: https://my-vault.vault.azure.net/.
  4. Credentials: Enter the Tenant ID, Client ID, and Client Secret.

When a certificate is renewed:

  1. SSL-CLM pushes the new version to Key Vault as a new version of the Secret/Certificate object.
  2. Azure services (App Service, Application Gateway) automatically pick up the new version within 24 hours (or upon restart).
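Automatic pickup only applies to consumers that reference the object without a version; a reference pinned to a specific version keeps serving the old certificate after renewal. The following added example (not part of SSL-CLM or the original page) audits a set of Key Vault object identifiers for pinned versions and for URLs that are not HTTPS Key Vault hosts. It assumes the public-cloud `.vault.azure.net` suffix; the consumer names, the `site-cert` object name and the version string are constructed.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Assumption: public-cloud Key Vault DNS suffix; sovereign clouds use others.
VAULT_SUFFIX = ".vault.azure.net"
COLLECTIONS = {"secrets", "certificates", "keys"}

@dataclass(frozen=True)
class KeyVaultId:
    vault: str
    collection: str
    name: str
    version: Optional[str]  # None means "latest version"

def parse_kv_id(url: str) -> KeyVaultId:
    """Parse https://<vault>.vault.azure.net/<collection>/<name>[/<version>]."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Reject plain HTTP and look-alike hosts before any token is sent there.
    if parts.scheme != "https" or not host.endswith(VAULT_SUFFIX):
        raise ValueError(f"not an HTTPS Key Vault URL: {url!r}")
    segs = [s for s in parts.path.split("/") if s]
    if len(segs) not in (2, 3) or segs[0] not in COLLECTIONS:
        raise ValueError(f"unexpected object path: {parts.path!r}")
    version = segs[2] if len(segs) == 3 else None
    return KeyVaultId(host[: -len(VAULT_SUFFIX)], segs[0], segs[1], version)

def audit(refs: dict) -> dict:
    """Map each consumer to 'ok', 'pinned' or 'invalid: <reason>'."""
    report = {}
    for consumer, url in refs.items():
        try:
            # A pinned version will not follow the renewed certificate.
            report[consumer] = "pinned" if parse_kv_id(url).version else "ok"
        except ValueError as exc:
            report[consumer] = f"invalid: {exc}"
    return report

# Constructed sample references (hypothetical consumers and object names).
SAMPLE = {
    "app-service": "https://my-vault.vault.azure.net/secrets/site-cert",
    "app-gateway": "https://my-vault.vault.azure.net/secrets/site-cert/0123456789abcdef0123456789abcdef",
    "legacy-app": "http://my-vault.vault.azure.net/secrets/site-cert",
    "typo-host": "https://my-vault.vault.azure.net.example.org/secrets/site-cert",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Consumers reported as `pinned` need their reference changed to the versionless identifier before the next renewal.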