azure-key-vault-407fb19.md

Azure Key Vault

Consume Azure KeyVault and Azure Keyvault ManagedHSM with SAP Private Link service.

Creation Request

The following Cloud Foundry service-specific configuration parameters are supported during a service instance creation:

resourceId (required)	Identifies the resource on Azure the private link should be created for.
subResource (required)	Identifies the subresource on Azure the private link should be created for.
requestMessage (optional)	Specifies a message which is shown for the approval request on Azure for the specified resource.

Sample Code:

KeyVault

 {
     "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVault",
     "subResource": "vault",
     "requestMessage": "Please approve connection"
 }

Sample Code:

KeyVault ManagedHSM

{
     "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/managedHSMs/myHSM",
     "subResource": "managedhsm",
     "requestMessage": "Please approve connection"
 }

Binding Credentials

The following binding credentials are provided:

hostname

DNS entry to connect to the Azure resource. This DNS entry resolves to the internal IP address associated with this private link.

Sample Code:

KeyVault

{
     ...
     "privatelink": [
         {
             ...
             "credentials": {
                 "hostname": "my-keyvault.vault.azure.net"
             }
         }
     ]
 }

Sample Code:

KeyVault ManagedHSM

{
     ...
     "privatelink": [
         {
             ...
             "credentials": {
                 "hostname": "my-hsm.managedhsm.azure.net"
             }
         }
     ]
 }

Sample Applications

There is no custom configuration needed for your application to consume the Azure Key Vault via Private Link.

You can follow any tutorial using the Azure SDK for the language of your choice.