articles/iot-operations/deploy-iot-ops/howto-manage-secrets.md
8 additions & 5 deletions
@@ -21,20 +21,23 @@ Azure IoT Operations uses Azure Key Vault as the managed vault solution on the c
21
21
22
22
## Add and use secrets
23
23
24
-
Secrets management for Azure IoT Operations uses Azure Secret Store to sync the secrets from an Azure Key Vault and store them on the edge as Kubernetes secrets. When you enabled secure settings during deployment, you selected an Azure Key Vault for secret management. It is in this Key Vault where all secrets to be used within Azure IoT Operations are stored. Azure IoT Operations instances work with only one Azure Key Vault, multiple key vaults per instance isn't supported.
24
+
Secrets management for Azure IoT Operations uses Azure Secret Store to sync the secrets from an Azure Key Vault and store them on the edge as Kubernetes secrets. When you enabled secure settings during deployment, you selected an Azure Key Vault for secret management. It is in this Key Vault where all secrets to be used within Azure IoT Operations are stored.
25
25
26
-
Once the setup secrets management steps are completed, you can start adding secrets to Azure Key Vault, and sync them to the edge to be used in Asset Endpoint Profile or Dataflow Endpoints using the [operations experience web UI](https://iotoperations.azure.com).
26
+
> [!NOTE]
27
+
> Azure IoT Operations instances work with only one Azure Key Vault, multiple key vaults per instance isn't supported.
27
28
28
-
Secrets are used in Asset Endpoint profile and Dataflow endpoints for authentication. In this section, we use Asset Endpoint profile as an example, the same can be applied to dataflow endpoints. You have the following options when using a secret from the selected key vault:
29
+
Once the setup secrets management steps are completed, you can start adding secrets to Azure Key Vault, and sync them to the edge to be used in **Asset Endpoints** or **Dataflow Endpoints** using the [operations experience](https://iotoperations.azure.com) web UI.
30
+
31
+
Secrets are used in asset endpoints and dataflow endpoints for authentication. In this section, we use asset endpoints as an example, the same can be applied to dataflow endpoints. You have the following options when using a secret from the selected key vault:
29
32
30
33
-**Create a new secret**: creates a secret reference in the Azure Key Vault and also automatically synchronizes the secret down to the edge using Azure Secret Store. Use this option if you didn't create the secret you require for this scenario in the key vault beforehand.
31
34
32
-
-**Add from Azure Key Vault**: synchronizes an existing secret in key vault down to the edge in Azure Key Vault that wasn't synchronized before. Selecting this option shows you the list of secret references in the selected key vault. Use this option if you created the secret in the key vault beforehand.
35
+
-**Add from Azure Key Vault**: synchronizes an existing secret in key vault down to the edge if it wasn't synchronized before. Selecting this option shows you the list of secret references in the selected key vault. Use this option if you created the secret in the key vault beforehand.
33
36
34
37
-**Add synced secret**: uses an existing and synchronized to the edge secret for the component. Selecting this option shows you the list of already synchronized secrets. Use this option if you previously created and synchronized the secret but didn't use it in an Azure IoT Operations component.
35
38
36
39
## Manage Synced Secrets
37
40
38
-
You can use Manage Synced Secrets for asset endpoint profiles and dataflow endpoints to view or delete synced secrets.
41
+
You can use **Manage Secrets** for asset endpoints and dataflow endpoints to view or delete synced secrets.
39
42
40
43
You can delete synced secrets as well. When you delete a synced secret, it only deletes the secret from the edge, and doesn't delete the secret from key vault. Before deleting a synced secret, make sure that all references to the secret from Azure IoT Operations components are removed.
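Review bot: The changed sentence under "## Manage Synced Secrets" now names the UI action **Manage Secrets**, but the heading above it still reads "Manage Synced Secrets", so the page uses two names for the same feature; pick whichever label the operations experience actually shows and use it in both places. With the new wording "to view or delete synced secrets", the unchanged next line "You can delete synced secrets as well." repeats the point and could start directly at "When you delete a synced secret, ...". In the new NOTE, "work with only one Azure Key Vault, multiple key vaults per instance isn't supported" is a comma splice with a number mismatch; consider "work with only one Azure Key Vault. Multiple key vaults per instance aren't supported." The rewritten sentence "we use asset endpoints as an example, the same can be applied to dataflow endpoints" has the same comma splice and would read better as two sentences.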