Commit 0f4edc0

asergaz authored and dominicbetts committed
changes to manage-secrets
1 parent 3c3c7ea commit 0f4edc0

2 files changed: +18 -8 lines changed

articles/iot-operations/secure-iot-ops/howto-manage-certificates.md

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
---
22
title: Manage certificates
3-
# description: TODO: Azure IoT Operations uses TLS to encrypt communication. Learn about the default setup and also how to bring your own CA for production.
3+
description: Azure IoT Operations uses TLS to encrypt communication. Learn how to manage certificates for internal and external communications, and how to bring your own certificate authority (CA) issuer for a production deployment.
44
author: asergaz
55
ms.author: sergaz
66
ms.topic: how-to
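Review bot: the new `description:` value is about 230 characters, well past the roughly 160 that search result snippets usually display, so the tail of the sentence will be cut off where it matters most; a shorter form such as "Azure IoT Operations uses TLS to encrypt communication. Learn how to manage certificates and bring your own CA issuer for production." keeps the same content. Replacing the commented-out `# description: TODO:` line with a real value is otherwise the right fix.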

articles/iot-operations/secure-iot-ops/howto-manage-secrets.md

Lines changed: 17 additions & 7 deletions
@@ -4,7 +4,7 @@ description: Create, update, and manage secrets that are required to give your A
44
author: asergaz
55
ms.author: sergaz
66
ms.topic: how-to
7-
ms.date: 10/22/2024
7+
ms.date: 05/20/2025
88

99
#CustomerIntent: As an IT professional, I want to manage secrets in Azure IoT Operations, by leveraging Key Vault and Azure Secrete Store to sync the secrets down from the cloud and store them on the edge as Kubernetes secrets.
1010
---
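Review bot: the unchanged `#CustomerIntent:` context line in this hunk still reads "Azure Secrete Store"; since the front matter is already being edited for the `ms.date` bump, correct the typo to "Azure Secret Store" in the same change.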
@@ -33,21 +33,31 @@ Once the [set up secrets management](../deploy-iot-ops/howto-enable-secure-setti
3333

3434
Secrets are used in asset endpoints and data flow endpoints for authentication. In this section, we use asset endpoints as an example, the same can be applied to data flow endpoints. You have the option to directly create the secret in Azure Key Vault and have it automatically synchronized down to the edge, or use an existing secret reference from the key vault:
3535

36-
:::image type="content" source="media/howto-manage-secrets/use-secrets.png" alt-text="Screenshot that shows the Add from Azure Key Vault and Create new options when selecting a secret in operations experience.":::
36+
1. Go to the **Asset endpoints** page in the [operations experience](https://iotoperations.azure.com) web UI.
3737

38-
- **Create a new secret**: creates a secret reference in the Azure Key Vault and also automatically synchronizes the secret down to the edge using Secret Store extension. Use this option if you didn't create the secret you require for this scenario in the key vault beforehand.
38+
1. To view the secrets list, select **Manage certificates and secrets** and then **Secrets**.
39+
<!-- ****TODO: Confirm this Add new secret button****** -->
40+
1. To add a new secret, select **Add new secret**:
3941

40-
- **Add from Azure Key Vault**: synchronizes an existing secret in key vault down to the edge if it wasn't synchronized before. Selecting this option shows you the list of secret references in the selected key vault. Use this option if you created the secret in the key vault beforehand. *Only the latest version of the secret is synced to the edge*.
42+
:::image type="content" source="media/howto-manage-secrets/use-secrets.png" alt-text="Screenshot that shows the Add from Azure Key Vault and Create new options when selecting a secret in operations experience.":::
43+
44+
- **Create a new secret**: creates a secret reference in the Azure Key Vault and also automatically synchronizes the secret down to the edge using Secret Store extension. Use this option if you didn't create the secret you require for this scenario in the key vault beforehand.
45+
46+
- **Add from Azure Key Vault**: synchronizes an existing secret in key vault down to the edge if it wasn't synchronized before. Selecting this option shows you the list of secret references in the selected key vault. Use this option if you created the secret in the key vault beforehand. *Only the latest version of the secret is synced to the edge*.
4147

4248
When you add the username and password references to the asset endpoints or data flow endpoints, you then need to give the synchronized secret a name. The secret references will be saved in the edge with this given name as one resource. In the example from the screenshot below, the username and password references are saved to the edge as *edp1secrets*.
4349

4450
:::image type="content" source="media/howto-manage-secrets/synced-secret-name.png" alt-text="Screenshot that shows the synced secret name field when username password is selected for authentication mode in operations experience.":::
4551

46-
## Manage Synced Secrets
52+
## Manage synced secrets
53+
54+
In the [operations experience](https://iotoperations.azure.com) web UI, go to the **Asset endpoints** or **Data flows** page, select **Manage certificates and secrets**, and then **Secrets**.
55+
56+
*****TODO: Add screenshots for the secrets page.****
4757

48-
You can use **Manage secrets** for asset endpoints and data flow endpoints to manage synchronized secrets. Manage secrets shows the list of all current synchronized secrets at the edge for the resource you are viewing. A synced secret represents one or multiple secret references, depending on the resource using it. Any operation applied to a synced secret will be applied to all secret references contained within the synced secret.
58+
You can use the **Secrets** page to manage synchronized secrets in your asset endpoints and data flow endpoints. Secrets page shows the list of all current synchronized secrets at the edge for the resource you are viewing. A synced secret represents one or multiple secret references, depending on the resource using it. Any operation applied to a synced secret will be applied to all secret references contained within the synced secret.
4959

50-
You can delete synced secrets as well in manage secrets. When you delete a synced secret, it only deletes the synced secret from the edge, and doesn't delete the contained secret reference from key vault.
60+
You can delete synced secrets as well in the **Secrets** page. When you delete a synced secret, it only deletes the synced secret from the edge, and doesn't delete the contained secret reference from Azure Key Vault. You must delete the certificate secret manually from the key vault.
5161

5262
> [!WARNING]
5363
> Directly editing **SecretProviderClass** and **SecretSync** custom resources in your Kubernetes cluster can break the secrets flow in Azure IoT Operations. For any operations related to secrets, use the operations experience web UI.
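Review bot: the line `*****TODO: Add screenshots for the secrets page.****` is not wrapped in an HTML comment, so unlike the `<!-- ****TODO: Confirm this Add new secret button****** -->` line earlier in the hunk it will render in the published article as a visible TODO with stray asterisks; either convert it to an HTML comment or drop it before merging. Two smaller points in the same hunk: the added sentence "You must delete the certificate secret manually from the key vault" says "certificate secret" in an article about secrets in general, so "the secret" is probably what is meant, and the new list item "To view the secrets list, select **Manage certificates and secrets** and then **Secrets**" repeats the navigation sentence added under the new "## Manage synced secrets" heading, so consider having one refer to the other instead of stating it twice.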
