Skip to content

PMP Azure Key vault updates #10391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: development
Choose a base branch
from
Open

PMP Azure Key vault updates #10391

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 29 additions & 8 deletions content/en/docs/private-platform/pmp-quickstart.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -264,11 +264,21 @@ Svix is required if you want to use webhooks. Install the Svix component by doin
4. Select **Svix**, and then specify the following parameters:

* **Image** - The Svix image path. The default path is `svix/svix-server:v1.25.0`. If you are using a self-signed TLS certificate, set this path to `{customer-private-image-registry-url}/svix/svix-server:v1.25.tls`.
* **Use Secret Provider** - Optional. Select this option to use the AWS Secret Manager. Selecting this option enables the following additional fields:
* **Use Secret Provider** - Optional. Select this option to use the AWS Secret Manager or the Azure Key Vault. Selecting this option enables the following additional fields:

* **Secret Provider** - Set to **AWS** by default.
* **AWS-Role-ARN** - An AWS role ARN which can access the specified Secret Manager.
* **AWS SecretManager Name** - The AWS Secret Manager name where the sensitive data is stored.
* For AWS Secret Manager:

* **Secret Provider** - Set to **AWS**.
* **AWS-Role-ARN** - An AWS role ARN which can access the specified Secret Manager.
* **AWS SecretManager Name** - The AWS Secret Manager name where the sensitive data is stored.

* For Azure Key Vault:

* **Secret Provider** - Set to **Azure**.
* **Client ID** - Enter a Client ID assigned to the Azure Managed Identity which enables Private Mendix Platform to access Azure resources.
* **Tenant ID** - Enter the Directory ID of the key vault.
* **Key Vault Name** - Enter the key vault name.
* **Use identity auth for Blob** - Set to **True** if you use the Azure Blob Storage with managed identity auth; the default value is **false**.

* **POSTGRES_DSN** - Available only if you do not use the AWS Secret Manager. A Postgres DSN, for example, `postgresql://postgres:postgres@pgbouncer/postgres`.
* **Use Redis** - Optional. Select this check box if you want to use Redis for message cache and queues.
Expand Down Expand Up @@ -309,10 +319,21 @@ Install the Private Mendix Platform by doing the following steps:
* **MxAdminPassword** - Optional. The password for the admin user, required if you are not planning to use the AWS Secret Manager. It must have at least one number, one upper case letter, one lower case letter and one symbol, with a minimum length of 12 characters.
* **dtapmode** - For production deployments, leave this value set to **P**. For the development of the app, for example acceptance testing, set the value to **D**.
* **ApplicationRootUrl** - Optional. Manually specify the URL of your Private Mendix Platform, for example, for use with SSO or when sending emails. For more information about this functionality, see [ApplicationRootUrl Needs to be Set Manually](/developerportal/deploy/private-cloud-operator/#applicationrooturl-needs-to-be-set-manually).
* **Use Secret Provider** - Optional. Select this option to use the AWS Secret Manager. Selecting this option enables the following additional fields:
* **Secret Provider** - Set to **AWS** by default.
* **AWS-Role-ARN** - An [AWS role ARN](https://docs.mendix.com/developerportal/deploy/secret-store-credentials/#aws-secrets-manager) which can access the specified Secret Manager.
* **AWS SecretManager Name** - The AWS Secret Manager name where the sensitive data is stored.
* **Use Secret Provider** - Optional. Select this option to use the AWS Secret Manager or the Azure Key Vault. Selecting this option enables the following additional fields:

* For AWS Secret Manager:

* **Secret Provider** - Set to **AWS**.
* **AWS-Role-ARN** - An [AWS role ARN](https://docs.mendix.com/developerportal/deploy/secret-store-credentials/#aws-secrets-manager) which can access the specified Secret Manager.
* **AWS SecretManager Name** - The AWS Secret Manager name where the sensitive data is stored.

* For Azure Key Vault:

* **Secret Provider** - Set to **Azure**.
* **Client ID** - Enter a Client ID assigned to the Azure Managed Identity which enables Private Mendix Platform to access Azure resources.
* **Tenant ID** - Enter the Directory ID of the key vault.
* **Key Vault Name** - Enter the key vault name.
* **Use identity auth for Blob** - Set to **True** if you use the Azure Blob Storage with managed identity auth; the default value is **false**.

5. In the **Enabled Functions** section, select or clear the functions that you want to enable or disable:

Expand Down