Commit 7f4c3a5

Merge branch 'mar12-secrets' of https://github.com/kgremban/azure-docs-pr into mar12-secrets
2 parents 1c34745 + c0d9ab1 commit 7f4c3a5

1 file changed

+2
-2
lines changed

articles/iot-operations/deploy-iot-ops/howto-manage-secrets.md

Lines changed: 2 additions & 2 deletions
@@ -23,7 +23,7 @@ Secrets management in Azure IoT Operations Preview uses Azure Key Vault as the m
2323

2424
## Configure a secret store on your cluster
2525

26-
Azure IoT Operations supports Key Vault for storing secrets and certificates. The `az iot ops init` Azure CLI command automates the steps to create a key vault, set up a service principal to give access to the key vault, and configure the secrets that you need for running Azure IoT Operations.
26+
Azure IoT Operations supports Key Vault for storing secrets and certificates. The `az iot ops init` Azure CLI command automates the steps to set up a service principal to give access to the key vault and configure the secrets that you need for running Azure IoT Operations.
2727

2828
For more information, see [Deploy Azure IoT Operations Preview extensions to a Kubernetes cluster](../deploy-iot-ops/howto-deploy-iot-operations.md?tabs=cli).
2929
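Review bot: In the rewritten line 26, "the key vault" no longer has an antecedent now that creating the vault is dropped from the steps `az iot ops init` automates; state that an existing Key Vault is required before running the command, or link to the prerequisite, so readers do not assume `init` still provisions it. The sentence also says only that the service principal is set up "to give access to the key vault"; naming the permissions it receives would let readers review the grant before running the command.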

@@ -133,7 +133,7 @@ az iot ops init --name "<your unique key vault name>" --resource-group "<the nam
133133
--no-deploy
134134
```
135135

136-
One step that the `init` command takes is to create a Key Vault secret to use for the Azure IoT Operations service account. This step requires that the principal logged in to the CLI has secret `set` permissions. If you want to use an existing secret, you can specify it with the `--kv-sat-secret-name` parameter, in which case the logged in principal only needs secret `get` permissions.
136+
One step that the `init` command takes is to ensure all Secret Provider Classes (SPCs) required by Azure IoT Operations have a default secret configured in key vault. If a value for the default secret does not exist `init` will create one. This step requires that the principal logged in to the CLI has secret `set` permissions. If you want to use an existing secret as the default SPC secret, you can specify it with the `--kv-sat-secret-name` parameter, in which case the logged in principal only needs secret `get` permissions.
137137

138138
## Add a secret to an Azure IoT Operations component
139139
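Review bot: In the new line 136, "This step requires that the principal logged in to the CLI has secret `set` permissions" reads as unconditional, although the sentence before it says `init` creates the default secret only when no value exists; tie the `set` requirement to the create case so that someone running with a least-privilege principal knows when `get` alone is sufficient. The new wording also drops the mention of the service account while keeping `--kv-sat-secret-name`, so say whether the default SPC secret is still the service account secret. Minor: add a comma after "does not exist", capitalize "Key Vault" as in the rest of the article, and hyphenate "logged-in principal".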
