Using Azure Vault for Credential Management Service

Azure Key Vault is a tool for securely storing and accessing secrets.

A new Azure Vault provider is added to the credential management service for properties of type password.

Azure Vault is only supported on the Docker platform.

The Azure Vault has two fields:

  • Vault Name: Name of the vault.
  • Secret Name: Path of the Secret.

On TIBCO Business Studio for BusinessWorks, the format is stored as #<AZURE_VAULT_NAME>::<AZURE_SECRET_KEY>#.

You can use Azure Vault as a credential management service for module properties. When using it to export the profile as a properties file, the property value uses the following format:

AzureVault::vaultName::secretKey

Note: When creating a ConfigMap from the deployment.yml file, ensure that the property value is in the following format: AzureVault::vaultName::secretKey

TIBCO Business Studio for BusinessWorks supports two authorization methods to connect to the Azure Vault:

  • Service principal and secrets
  • Managed identities for Azure resources

To enable the Azure Vault credential management system, pass the following environment variables at runtime:

For Service principal and secrets

  • AZURE_VAULT
  • APP_CONFIG_PROFILE
  • AZURE_CLIENT_ID
  • AZURE_CLIENT_SECRET
  • AZURE_TENANT_ID

For Managed identities for Azure resources

  • AZURE_VAULT
  • APP_CONFIG_PROFILE

Note: Managed identities are used when the application is running on Azure.
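
A pre-deployment check for the property format and the environment variables described above, as an added example that is not part of the TIBCO documentation. The sample vault and secret names are constructed, the function names are hypothetical, and the name patterns are Azure Key Vault's own naming rules, assumed to apply unchanged; only the presence of each variable is checked because the page does not give their values.

```python
import re

# Azure Key Vault naming rules; assumes names are passed to Azure unchanged.
VAULT_RE = re.compile(r"^[A-Za-z](?!.*--)[A-Za-z0-9-]{1,22}[A-Za-z0-9]$")
SECRET_RE = re.compile(r"^[A-Za-z0-9-]{1,127}$")
COMMON_VARS = ("AZURE_VAULT", "APP_CONFIG_PROFILE")
SP_VARS = ("AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID")

# Constructed sample of an exported profile (names are hypothetical).
SAMPLE = """\
db.user=appuser
db.password=AzureVault::kv-prod-01::db-password
api.key=AzureVault::kv-prod-01
smtp.password=AzureVault::kv_prod::smtp-password
"""


def check_properties(text):
    """Return (references, errors) for AzureVault values in a properties file."""
    refs, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if not value.lower().startswith("azurevault"):
            continue  # plain value, not a vault reference
        parts = value.split("::")
        if len(parts) != 3 or parts[0] != "AzureVault":
            errors.append(f"line {n}: {key}: not AzureVault::vaultName::secretKey")
        elif not VAULT_RE.match(parts[1]):
            errors.append(f"line {n}: {key}: invalid vault name")
        elif not SECRET_RE.match(parts[2]):
            errors.append(f"line {n}: {key}: invalid secret name")
        else:
            refs.append((key, parts[1], parts[2]))
    return refs, errors


def auth_method(env):
    """Return which of the page's two authorization methods env selects."""
    missing = [v for v in COMMON_VARS if not env.get(v)]
    present = [v for v in SP_VARS if env.get(v)]
    if not missing and 0 < len(present) < len(SP_VARS):
        missing = [v for v in SP_VARS if v not in present]  # half-configured
    if missing:
        raise ValueError("missing: " + ", ".join(missing))
    return "service_principal" if present else "managed_identity"
```

Pass `os.environ` (or the environment parsed from deployment.yml) to `auth_method`; its error messages list variable names only, so the client secret never reaches a log.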

For more information on the environment variables, see Environment Variables.