articles/iot-operations/deploy-iot-ops/howto-manage-secrets.md
9 additions & 9 deletions
@@ -27,13 +27,13 @@ For more information, see [Deploy Azure IoT Operations extensions](./howto-deplo
27
27
28
28
## Configure service principal and Azure Key Vault upfront
29
29
30
-
If the Azure account executing the `az iot ops init` command does not have permissions to query the Microsoft Graph and create service principals, you can prepare these upfront and use extra arguments when running the CLI command as described in [Deploy Azure IoT Operations extensions](./howto-deploy-iot-operations.md?tabs=cli).
30
+
If the Azure account executing the `az iot ops init` command doesn't have permissions to query the Microsoft Graph and create service principals, you can prepare these upfront and use extra arguments when running the CLI command as described in [Deploy Azure IoT Operations extensions](./howto-deploy-iot-operations.md?tabs=cli).
31
31
32
32
### Configure service principal for interacting with Azure Key Vault via Microsoft Entra ID
33
33
34
34
Follow these steps to create a new Application Registration that will be used by the AIO application to authenticate to Key Vault.
35
35
36
-
First, register an application with Microsoft Entra ID.
36
+
First, register an application with Microsoft Entra ID:
37
37
38
38
1. In the Azure portal search bar, search for and select **Microsoft Entra ID**.
39
39
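Review bot: The unchanged context line "Follow these steps to create a new Application Registration that will be used by the AIO application to authenticate to Key Vault." still uses the unexpanded abbreviation "AIO" and the future passive "will be used", while the rest of the hunk spells out "Azure IoT Operations" and this commit is a style pass. Suggest fixing it in the same change, for example "Follow these steps to create an application registration that Azure IoT Operations uses to authenticate to Key Vault."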
@@ -51,11 +51,11 @@ First, register an application with Microsoft Entra ID.
51
51
52
52
1. Select **Register**.
53
53
54
-
When your application is created, you are directed to its resource page.
54
+
When your application is created, you're directed to its resource page.
55
55
56
56
1. Copy the **Application (client) ID** from the app registration overview page. You'll use this value as an argument when running Azure IoT Operations deployment with the `az iot ops init` command.
57
57
58
-
Next, give your application permissions for key vault.
58
+
Next, give your application permissions for key vault:
59
59
60
60
1. On the resource page for your app, select **API permissions** from the **Manage** section of the app menu.
61
61
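Review bot: The rewritten lead-in "Next, give your application permissions for key vault:" keeps "key vault" in lower case, while the headings and other sentences in this file use "Key Vault" or "Azure Key Vault" for the service. Since the line is being touched anyway, suggest "Next, give your application permissions for Key Vault:" so the reader can tell the service name from a generic vault instance.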
@@ -69,7 +69,7 @@ Next, give your application permissions for key vault.
69
69
70
70
1. Select **Add permissions**.
71
71
72
-
Create a client secret that will be added to your Kubernetes cluster to authenticate to your key vault.
72
+
Create a client secret that will be added to your Kubernetes cluster to authenticate to your key vault:
73
73
74
74
1. On the resource page for your app, select **Certificates & secrets** from the **Manage** section of the app menu.
75
75
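Review bot: The lead-in "Create a client secret that will be added to your Kubernetes cluster to authenticate to your key vault:" introduces a credential that is stored in the cluster, but nothing in the lines shown here says which expiration to choose or that the secret has to be rotated before it expires. Suggest adding a sentence after the lead-in that recommends a short expiration and points to the rotation procedure, because this secret is what the cluster uses to authenticate to the key vault.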
@@ -79,9 +79,9 @@ Create a client secret that will be added to your Kubernetes cluster to authenti
79
79
80
80
1. Copy the **Value** from your new secret. You'll use this value later when you run `az iot ops init`.
81
81
82
-
Retrieve the service principal Object Id
82
+
Retrieve the service principal Object ID:
83
83
84
-
1. On the **Overview** page for your app, under the section **Essentials**, click on the **Application name** link under **Managed application in local directory**. This opens the Enterprise Application properties. Copy the Object Id to use when you run `az iot ops init`.
84
+
1. On the **Overview** page for your app, under the section **Essentials**, click on the **Application name** link under **Managed application in local directory**. This opens the Enterprise Application properties. Copy the Object ID to use when you run `az iot ops init`.
85
85
86
86
### Create an Azure Key Vault
87
87
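Review bot: The changed step under "Retrieve the service principal Object ID:" still says "click on the **Application name** link", while the other steps in this file use "select" (for example "select **API permissions**" and "select **Certificates & secrets**"). Suggest "select the **Application name** link" for consistency, and since this procedure has only one step, consider writing it as a plain paragraph or bullet instead of a numbered list with a single "1." item.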
@@ -95,7 +95,7 @@ If you have an existing key vault, you can change the permission model by execut
95
95
```bash
96
96
az keyvault update --name "<your unique key vault name>" --resource-group "<the name of the resource group>" --enable-rbac-authorization false
97
97
```
98
-
You will need the Key Vault resource ID when you run `az iot ops init`. To retrieve the resource ID, run:
98
+
You'll need the Key Vault resource ID when you run `az iot ops init`. To retrieve the resource ID, run:
99
99
100
100
```bash
101
101
az keyvault show --name "<your unique key vault name>" --resource-group "<the name of the resource group>" --query id -o tsv
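Review bot: The context command above the changed sentence, `az keyvault update ... --enable-rbac-authorization false`, switches an existing vault away from Azure RBAC authorization, and the surrounding text only says "you can change the permission model". Suggest adding a sentence that states the effect on principals that currently rely on role assignments for that vault, and that access policies must be in place for them before the switch, so a reader does not run this against a shared vault without knowing the impact.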
### Pass service principal and Key Vault arguments to Azure IoT Operations deployment
115
115
116
-
When following the guide [Deploy Azure IoT Operations extensions](./howto-deploy-iot-operations.md?tabs=cli), you will need to pass in additional flags to the `az iot ops init` command in order to use the pre-configured service principal and key vault.
116
+
When following the guide [Deploy Azure IoT Operations extensions](./howto-deploy-iot-operations.md?tabs=cli), you'll need to pass in additional flags to the `az iot ops init` command in order to use the pre-configured service principal and key vault.
117
117
118
118
The following example shows how to prepare the cluster for Azure IoT Operations without fully deploying it by using `--no-deploy` flag. You can also run the command without this argument for a default Azure IoT Operations deployment.
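Review bot: The unchanged context sentence "by using `--no-deploy` flag" is missing the article ("by using the `--no-deploy` flag"), and the changed sentence keeps "in order to use", which can be shortened to "to use". Because this commit is a wording pass over the same paragraph, both are worth fixing here rather than in a follow-up.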