Azure Vault for Certificate Management

TIBCO BusinessWorks Container Edition integrates with Azure Vault for certificate management, so that certificates can be stored in the vault and retrieved from it for use within applications.

This feature retrieves certificates and keys from the Azure Vault instead of maintaining a local copy of the certificate within the EAR application. With this configuration, the application pulls certificates from the Azure Vault at runtime and uses them directly.

The Azure Vault for certificate management has the following fields:

  • Vault Name: Name of the vault.

  • Certificate: Name of the certificate.

  • Password: Name of the module property that specifies the password of the certificate. Select the module property from the dropdown menu.

 

To import a certificate into the Azure Vault from the command line, use the following command:

az keyvault certificate import --file <CERTIFICATE_TO_BE_IMPORTED> --name <CERTIFICATE_NAME> --password <PASSWORD> --vault-name <KEY_VAULT_NAME>

CERTIFICATE_TO_BE_IMPORTED - Path of the certificate to be imported into the Azure Vault.

CERTIFICATE_NAME - Name of the certificate.

KEY_VAULT_NAME - Name of the key vault used to store the certificate.

 

In TIBCO Business Studio for BusinessWorks, the value is stored in the format #<KEY_VAULT_NAME>::<CERTIFICATE_NAME>::<PASSWORD>#.

TIBCO Business Studio for BusinessWorks supports two authorization methods to connect to Azure Vault for certificate management:

  • Service Principal and secrets

  • Managed identities for Azure Resources

To enable the Azure Vault credential management system, pass the following environment variables at runtime:

For Service Principal and secrets

  • AZURE_VAULT
  • APP_CONFIG_PROFILE
  • AZURE_CLIENT_ID
  • AZURE_CLIENT_SECRET
  • AZURE_TENANT_ID

For Managed identities for Azure Resources

  • AZURE_VAULT
  • APP_CONFIG_PROFILE
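
A preflight check for a container entrypoint, added here as an example (it is not TIBCO code): it reports which of the environment variables listed above are missing for a given authorization method, by name only so that the client secret is never echoed, and it validates a reference in the #<KEY_VAULT_NAME>::<CERTIFICATE_NAME>::<PASSWORD># format. The function names and the sp/mi method labels are hypothetical, and the character check assumes Azure's naming rule that vault and certificate names contain only letters, digits and hyphens.

```shell
#!/bin/sh
# Added example; function names and the "sp"/"mi" labels are hypothetical.

# Print the names (never the values) of required variables that are unset
# or empty. $1 = "sp" (service principal and secret) or "mi" (managed identity).
# Returns 0 when nothing is missing, 1 otherwise, 2 on an unknown method.
missing_vault_env() {
    case "$1" in
        sp) required="AZURE_VAULT APP_CONFIG_PROFILE AZURE_CLIENT_ID AZURE_CLIENT_SECRET AZURE_TENANT_ID" ;;
        mi) required="AZURE_VAULT APP_CONFIG_PROFILE" ;;
        *)  echo "unknown method: $1" >&2; return 2 ;;
    esac
    missing=""
    for name in $required; do
        eval "value=\${$name:-}"          # names come from the fixed list above
        [ -n "$value" ] || missing="${missing:+$missing }$name"
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# Split "#<KEY_VAULT_NAME>::<CERTIFICATE_NAME>::<PASSWORD>#" into three lines.
# Returns 1 unless the reference has exactly three "::"-separated fields
# between the "#" delimiters and plausible vault and certificate names.
parse_cert_ref() {
    ref=$1
    case "$ref" in '#'*'#') ;; *) return 1 ;; esac
    body=${ref#\#}; body=${body%\#}
    vault=${body%%::*}
    rest=${body#*::}
    [ "$rest" != "$body" ] || return 1          # first "::" is missing
    cert=${rest%%::*}
    pwd_prop=${rest#*::}
    [ "$pwd_prop" != "$rest" ] || return 1      # second "::" is missing
    case "$pwd_prop" in *::*) return 1 ;; esac  # more than three fields
    # Assumption: Azure names use only letters, digits and hyphens.
    for part in "$vault" "$cert"; do
        case "$part" in ''|*[!A-Za-z0-9-]*) return 1 ;; esac
    done
    printf '%s\n%s\n%s\n' "$vault" "$cert" "$pwd_prop"
}
```

Calling missing_vault_env before the application starts turns a misconfigured deployment into an immediate, readable failure instead of a certificate lookup error later on.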