Add support for private Azure Key Vault

ntrogh · ntrogh · commit 3e2ea7aaa814 · 2023-09-18T14:38:14.000+02:00
diff --git a/articles/load-testing/how-to-configure-customer-managed-keys.md b/articles/load-testing/how-to-configure-customer-managed-keys.md
@@ -39,12 +39,16 @@ Azure Load Testing uses the customer-managed key to encrypt the following data i
 
 - Once customer-managed key encryption is enabled on a resource, it can't be disabled.
 
-- If the customer-managed key is stored in an Azure Key Vault behind a firewall, public access should be enabled on the firewall to allow Azure Load Testing to access the key.
-
 ## Configure your Azure key vault
 
 To use customer-managed encryption keys with Azure Load Testing, you need to store the key in Azure Key Vault. You can use an existing or create a new key vault. The load testing resource and key vault may be in different regions or subscriptions in the same tenant.
 
+### Configure key vault networking settings
+
+If you restricted access to your Azure key vault by a firewall or virtual networking, you need to grant access to Azure Load Testing for retrieving your customer-managed keys. Follow these steps to [grant access to trusted Azure services](/azure/key-vault/general/overview-vnet-service-endpoints#grant-access-to-trusted-azure-services).
+
+### Configure soft delete and purge protection
+
 You have to set the *Soft Delete* and *Purge Protection* properties on your key vault to use customer-managed keys with Azure Load Testing. Soft delete is enabled by default when you create a new key vault and can't be disabled. You can enable purge protection at any time. Learn more about [soft delete and purge protection in Azure Key Vault](/azure/key-vault/general/soft-delete-overview).
 
 # [Azure portal](#tab/portal)
diff --git a/articles/load-testing/how-to-parameterize-load-tests.md b/articles/load-testing/how-to-parameterize-load-tests.md
@@ -24,7 +24,7 @@ The Azure Load Testing service supports two types of parameters:
 
 - An Azure account with an active subscription. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.  
 
-- An Azure Load Testing resource. If you need to create an Azure Load Testing resource, see the quickstart [Create and run a load test](./quickstart-create-and-run-load-test.md).  
+- An Azure load testing resource. If you need to create an Azure Load Testing resource, see the quickstart [Create and run a load test](./quickstart-create-and-run-load-test.md).  
 
 ## <a name="secrets"></a> Configure load tests with secrets
 
@@ -49,6 +49,9 @@ You'll also need to grant Azure Load Testing access to your Azure key vault to r
 
 1. [Add the secret value to your key vault](../key-vault/secrets/quick-create-portal.md#add-a-secret-to-key-vault), if you haven't already done so.
 
+    > [!IMPORTANT]
+    > If you restricted access to your Azure key vault by a firewall or virtual networking, follow these steps to [grant access to trusted Azure services](/azure/key-vault/general/overview-vnet-service-endpoints#grant-access-to-trusted-azure-services).
+
 1. Retrieve the key vault **secret identifier** for your secret. You'll use this secret identifier to configure your load test.
 
     :::image type="content" source="media/how-to-parameterize-load-tests/key-vault-secret.png" alt-text="Screenshot that shows the details of a secret in an Azure key vault.":::
