Azure Key Vault
The Azure Key Vault is used for storing secrets such as credentials, connection strings, and certificates.
The Make Provisioning application uses the Key Vault to store the certificate required for App Context function calls to Microsoft 365.
By default, the name of the Key Vault follows this naming convention:
| Naming Convention | Description |
|---|---|
| Format | `<DEPT[2\|4]>-KV-<SERVICE[3\|6]>-<ENVIRONMENT[2\|4]><REGION[2\|3]>` |
| Example | RC-AI-MAKE-DEV-WE, RC-AI-MAKE-TST-WE, RC-AI-MAKE-DEMO-WE |
Access Policies
The installation user account and the Make application are granted permissions to access the Key Vault by defining policies for both principals.
- Access User Account: Granted all permissions for Keys, Secrets, and Certificates.
- Make Provisioning Application: Granted Get and List permissions for Secrets and Certificates only.
These permissions are necessary to retrieve the certificate, together with its private key, which is used for signing calls to SharePoint Online.
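
To check that a deployed vault still matches the application policy described above, the following added example (not part of the Make Provisioning code base) audits an exported access-policy list against the Get/List baseline. It assumes the JSON shape of `properties.accessPolicies` as returned by `az keyvault show`; the object IDs and the sample data are constructed placeholders, and `audit_app_policy` is a hypothetical helper name.

```python
import json

# Baseline from the page: the Make Provisioning application gets only
# Get and List on Secrets and Certificates, and nothing on Keys.
APP_BASELINE = {
    "keys": set(),
    "secrets": {"get", "list"},
    "certificates": {"get", "list"},
}

# Constructed sample in the shape of properties.accessPolicies from
# `az keyvault show`; object IDs are placeholders, not real principals.
SAMPLE = json.loads("""
[
  {"objectId": "00000000-0000-0000-0000-0000000000a1",
   "permissions": {"keys": ["all"], "secrets": ["all"], "certificates": ["all"]}},
  {"objectId": "00000000-0000-0000-0000-0000000000b2",
   "permissions": {"keys": [], "secrets": ["Get", "List", "Set"],
                   "certificates": ["get"]}}
]
""")


def audit_app_policy(policies, app_object_id, baseline=APP_BASELINE):
    """Return findings where the app's policy deviates from the baseline."""
    entries = [p for p in policies if p.get("objectId") == app_object_id]
    if not entries:
        return [f"no access policy found for {app_object_id}"]
    findings = []
    for entry in entries:
        perms = entry.get("permissions") or {}
        # Include kinds outside the baseline (e.g. storage): any grant there is excess.
        for kind in sorted(set(baseline) | set(perms)):
            # Azure may return permission names in mixed case; normalise.
            granted = {p.lower() for p in (perms.get(kind) or [])}
            allowed = baseline.get(kind, set())
            for extra in sorted(granted - allowed):
                findings.append(f"{kind}: excess permission '{extra}'")
            for missing in sorted(allowed - granted):
                findings.append(f"{kind}: missing permission '{missing}'")
    return findings


if __name__ == "__main__":
    for finding in audit_app_policy(SAMPLE, "00000000-0000-0000-0000-0000000000b2"):
        print(finding)
```

An empty result means the application principal holds exactly the permissions listed above; any finding marks drift from that least-privilege baseline.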