Using Azure Vault for Credential Management Service

Azure Key Vault is a tool for securely storing and accessing secrets.

A new Azure Vault provider is added for the Credential Management for property of type password.

Azure Vault is only supported on Docker platform.

The Azure Vault has two fields:

  • Vault Name: Name of the Vault.
  • Secret Name: Path of the Secret.

On TIBCO Business Studio for BusinessWorks, the format is stored as #<AZURE_VAULT_NAME>::<AZURE_SECRET_KEY>#.

TIBCO Business Studio for BusinessWorks supports two authorization methods to connect to Azure Vault:

  • Service Principle and Secrets
  • Managed identities for Azure Resources

To enable Azure vault credential management system pass the following environment variables at runtime:

For Service Principle and Secrets

  • AZURE_VAULT
  • APP_CONFIG_PROFILE
  • AZURE_CLIENT_ID
  • AZURE_CLIENT_SECRET
  • AZURE_TENANT_ID

For Managed identities for Azure Resources

  • AZURE_VAULT
  • APP_CONFIG_PROFILE
Note: Managed Identities are used when the application is running on Azure.

For more information on the environment variables, see Environment Variables.