Using Azure Vault for Credential Management Service

Azure Key Vault is a tool for securely storing and accessing secrets.

A new Azure Vault provider has been added to Credential Management for properties of type password.

Azure Vault is supported only on the Docker platform.

The Azure Vault has two fields:
  • Vault Name: Name of the Vault.
  • Secret Name: Path of the Secret.

On TIBCO Business Studio™ for BusinessWorks™, the value is stored in the format #<AZURE_VAULT_NAME>::<AZURE_SECRET_KEY>#.

TIBCO BusinessWorks™ Container Edition supports two authorization methods to connect to Azure Vault:
  • Service Principal and Secrets.
  • Managed identities for Azure Resources.

To enable the Azure Vault credential management system, pass the following environment variables at runtime:

For Service Principal and Secrets
  • AZURE_VAULT
  • APP_CONFIG_PROFILE
  • AZURE_CLIENT_ID
  • AZURE_CLIENT_SECRET
  • AZURE_TENANT_ID
For Managed identities for Azure Resources
  • AZURE_VAULT
  • APP_CONFIG_PROFILE
Note: Managed Identities are used when the application is running on Azure.

For more information on the environment variables, see Environment Variables.
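
A preflight check for the reference format and the two variable sets listed above, added here as an example and not part of the TIBCO product or its documentation. The function names are hypothetical, and rejecting a partly set service principal triple is this example's own policy, not documented runtime behaviour.

```shell
#!/bin/sh
# Added example: preflight for the variables and reference format described above.
# Function names are hypothetical. Only non-emptiness of each variable is checked.

# Split "#<AZURE_VAULT_NAME>::<AZURE_SECRET_KEY>#" and print "<vault> <secret>".
# Returns 1 when the value is not a well-formed reference (e.g. a literal password).
parse_vault_ref() {
    ref=$1
    case $ref in
        '#'*::*'#') ;;
        *) return 1 ;;
    esac
    body=${ref#?}          # drop leading '#'
    body=${body%?}         # drop trailing '#'
    vault=${body%%::*}     # text before the first '::'
    secret=${body#*::}     # text after the first '::'
    [ -n "$vault" ] && [ -n "$secret" ] || return 1
    printf '%s %s\n' "$vault" "$secret"
}

# Print the authorization method the current environment selects.
# Assumption of this example: a partly set service principal triple is an error,
# so a missing AZURE_CLIENT_SECRET is caught before the container starts.
azure_vault_auth_mode() {
    for v in AZURE_VAULT APP_CONFIG_PROFILE; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "missing: $v" >&2; return 1; }
    done
    count=0
    missing=
    for v in AZURE_CLIENT_ID AZURE_CLIENT_SECRET AZURE_TENANT_ID; do
        eval "val=\${$v:-}"
        if [ -n "$val" ]; then
            count=$((count + 1))
        else
            missing="$missing $v"
        fi
    done
    case $count in
        3) echo service-principal ;;
        0) echo managed-identity ;;
        *) echo "incomplete service principal settings, missing:$missing" >&2
           return 1 ;;
    esac
}
```

Call azure_vault_auth_mode from the container entrypoint and stop on a non-zero status; run parse_vault_ref over password property values to spot any that still hold a literal secret instead of a vault reference.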