articles/iot-operations/deploy-iot-ops/howto-manage-secrets.md
6 additions & 6 deletions
@@ -5,7 +5,7 @@ author: kgremban
5
5
ms.author: kgremban
6
6
ms.subservice: orchestrator
7
7
ms.topic: how-to
8
-
ms.date: 03/12/2024
8
+
ms.date: 03/21/2024
9
9
ms.custom: ignite-2023, devx-track-azurecli
10
10
11
11
#CustomerIntent: As an IT professional, I want prepare an Azure-Arc enabled Kubernetes cluster with Key Vault secrets so that I can deploy Azure IoT Operations to it.
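Review bot: The CustomerIntent comment in the trailing context of this hunk reads "I want prepare an Azure-Arc enabled Kubernetes cluster"; since the metadata block is already being touched for the ms.date bump, fix it to "I want to prepare an Azure Arc-enabled Kubernetes cluster" in the same change.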
@@ -57,7 +57,7 @@ First, register an application with Microsoft Entra ID:
57
57
58
58
1. Copy the **Application (client) ID** from the app registration overview page. You'll use this value as an argument when running Azure IoT Operations deployment with the `az iot ops init` command.
59
59
60
-
Next, give your application permissions for key vault:
60
+
Next, give your application permissions for Key Vault:
61
61
62
62
1. On the resource page for your app, select **API permissions** from the **Manage** section of the app menu.
63
63
@@ -105,14 +105,14 @@ az keyvault show --name "<your unique key vault name>" --resource-group "<the na
105
105
106
106
### Set service principal access policy in Key Vault
107
107
108
-
The newly created service principal needs **Secret**`list` and `get` access policy for the Azure IoT Operations to work with the secret store.
108
+
The newly created service principal needs **secret**`list` and `get` access policy for the Azure IoT Operations to work with the secret store.
109
109
110
-
To manage key vault access policies, the principal logged in to the CLI needs sufficient Azure permissions. In the Role Based Access Control (RBAC) model, this permission is included in key vault contributor or higher roles.
110
+
To manage Key Vault access policies, the principal logged in to the CLI needs sufficient Azure permissions. In the Role Based Access Control (RBAC) model, this permission is included in Key Vault contributor or higher roles.
111
111
112
112
>[!TIP]
113
-
>If you used the logged-in CLI principal to create the Key Vault, then you probably already have the right permissions. However, if you're pointing to a different or existing Key Vault then you should check that you have sufficient permissions to set access policies.
113
+
>If you used the logged-in CLI principal to create the key vault, then you probably already have the right permissions. However, if you're pointing to a different or existing key vault then you should check that you have sufficient permissions to set access policies.
114
114
115
-
Run the following to assign **secret**`get` and `list` permissions to the service principal.
115
+
Run the following to assign **secret**`list` and `get` permissions to the service principal.
116
116
117
117
```bash
118
118
az keyvault set-policy --name "<your unique key vault name>" --resource-group "<the name of the resource group>" --object-id <Object ID copied from Enterprise Application SP in Microsoft Entra ID> --secret-permissions get list
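Review bot: In the RBAC sentence, "Key Vault contributor or higher roles" capitalizes only half of the role name; write the built-in role as "Key Vault Contributor" so readers can match it exactly when checking their own role assignments before setting access policies. Two smaller points in the same hunk: both changed sentences show **secret**`list` with no space between the bold word and the code span, so if the source has none it should be added, and the first of them still says "for the Azure IoT Operations to work", where the stray "the" can go. The prose now orders the permissions as `list` and `get` while the command keeps `--secret-permissions get list`; the order makes no functional difference, but matching them avoids a second cleanup pass. In that command the `--object-id` placeholder is the only unquoted one, so quote it like `--name` and `--resource-group` for consistency.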