Configure the KMES Series 3 for Integrating with Azure
This section covers creating a Cloud credential and an Azure Key Group on the KMES Series 3.
Before beginning, gather the three values (Tenant ID, Client ID, and Client Secret) that you recorded for the App Registration in Azure. Then perform the following steps to create a Cloud Credential on the KMES:
Log in to the KMES application interface with the default Admin identities.
Navigate to Identity Management > Cloud Credentials and select [ Add Cloud Credential ].
Select Azure App Registration from the Service drop-down menu.
Enter a name for the Cloud Credential, then enter the Tenant ID, Client ID, and Client Secret values from the App Registration. The Client Secret is the secret's Value as displayed once at creation time in the Azure portal, not the GUID-shaped Secret ID shown beside it.
The Client Secret can also be imported from a plain text file. That file holds a live credential, so restrict access to it and delete it once the import is complete.
Select [ OK ] to finish creating the Cloud Credential.
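Before entering the three values into the KMES, it is worth confirming that they are the right values and that Azure accepts them. The following Python script is an added example, not Futurex/KMES code: it checks the shape of each value (the two IDs must be GUIDs; a GUID-shaped "secret" is the Secret ID rather than the Value), flags whitespace picked up from a text-file import, and optionally performs the standard OAuth2 client-credentials request for a Key Vault token so that a bad secret shows up here rather than as a failed key operation later. That the KMES itself trims whitespace, or uses exactly this token endpoint, is an assumption; the placeholder values are constructed.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request

# Added example, not KMES/Futurex code. Tenant ID and Client ID (Application ID)
# are GUIDs; the Client Secret is the secret's Value, never its GUID-shaped Secret ID.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")


def check_app_registration(tenant_id, client_id, client_secret):
    """Return a list of problems with the three values; an empty list means they look usable."""
    problems = []
    if not GUID_RE.match(tenant_id.strip()):
        problems.append("Tenant ID is not a GUID")
    if not GUID_RE.match(client_id.strip()):
        problems.append("Client ID is not a GUID (use the Application (client) ID, not the display name)")
    if not client_secret.strip():
        problems.append("Client Secret is empty")
    elif GUID_RE.match(client_secret.strip()):
        problems.append("Client Secret is a GUID: this is the Secret ID, not the secret Value")
    if client_secret != client_secret.strip():
        # Assumption: the KMES may store the value verbatim, so a trailing newline
        # left in an imported text file would corrupt the secret.
        problems.append("Client Secret has leading/trailing whitespace (check the imported text file)")
    return problems


def read_secret_file(path):
    """Read a Client Secret from a plain text file exactly as stored, so whitespace is visible to the check."""
    with open(path, "r", encoding="utf-8") as f:
        return f.read()


def token_request(tenant_id, client_id, client_secret):
    """Build the OAuth2 client-credentials request that yields an access token for Key Vault."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://vault.azure.net/.default",
    })
    return url, body


def fetch_token(tenant_id, client_id, client_secret):
    """Send the request (needs network and real values). Returns Azure's JSON reply:
    'access_token' on success, 'error' and 'error_description' on failure."""
    url, body = token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(
        url, data=body.encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        return json.loads(e.read().decode())


if __name__ == "__main__":
    # Constructed placeholders; replace with the values recorded for your App Registration.
    tenant = "11111111-2222-3333-4444-555555555555"
    client = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    secret = "xyz8Q~constructed.secret_value-0"
    for p in check_app_registration(tenant, client, secret):
        print("problem:", p)
    # Uncomment with real values to confirm Azure issues a token:
    # print("access_token" in fetch_token(tenant, client, secret))
```

A reply containing error code AADSTS7000215 (invalid client secret) after this check passes usually means the secret has expired or belongs to a different App Registration; a token that is issued but later rejected by the vault points at the Key Vault access policy or RBAC assignment rather than at the credential.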
The key group that you create on the KMES in this section corresponds to a key in the Azure Key Vault. A Key Vault key has versions; on the KMES, the key group represents the Key Vault key and each key inside the group represents one version of that key. Note that the KMES only shows versions whose key material was generated on the KMES: private key material generated in the Key Vault itself cannot be pulled into the KMES.
Perform the following steps to create a key group:
Navigate to Key Management > Keys and select [ Create ].
Select an Asymmetric HSM Protected key group and select [ OK ].
Select Azure App Registration from the Service drop-down menu.
Name the key group (this becomes the name of the key in the Key Vault), select the Cloud Credential created earlier, and set the key type, rotation policy, and key usages.
Select the Azure Properties tab and enter the name of the Key Vault that you created in the previous section.
Select [ OK ] to finish creating the key group.
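Once the key group exists, the practical check is to look at the key from the Azure side and confirm that what the vault holds matches the KMES view described above: one Key Vault key per key group, one version per KMES key, HSM-protected key material, and no versions generated in the vault itself (those never appear on the KMES). The script below is an added example, not Futurex/KMES code. It takes records shaped like the JSON that `az keyvault key show --vault-name <vault> --name <key> --version <version>` returns (the sample vault, key name and version identifiers are constructed), rebuilds the key-group view, and reports versions that are software-protected, live in the wrong vault, or are unknown to the KMES. The set of versions the KMES lists is given as a constructed input; how you obtain it from your KMES is an assumption left to the reader.

```python
import json
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample shaped like `az keyvault key show` output, one record per version.
# Vault name, key name and version identifiers are made up for this example.
SAMPLE_VERSIONS = json.loads("""
[
  {"key": {"kid": "https://kmes-demo-kv.vault.azure.net/keys/kmes-signing-rsa/1a2b3c4d5e6f47089a0b1c2d3e4f5061",
           "kty": "RSA-HSM"},
   "attributes": {"created": "2024-01-10T09:00:00+00:00", "enabled": true}},
  {"key": {"kid": "https://kmes-demo-kv.vault.azure.net/keys/kmes-signing-rsa/7f8e9d0c1b2a43f58e6d7c8b9a0f1e2d",
           "kty": "RSA-HSM"},
   "attributes": {"created": "2024-04-10T09:00:00+00:00", "enabled": true}},
  {"key": {"kid": "https://kmes-demo-kv.vault.azure.net/keys/kmes-signing-rsa/0011223344556677889900aabbccddee",
           "kty": "RSA-HSM"},
   "attributes": {"created": "2024-02-15T12:30:00+00:00", "enabled": false}}
]
""")

# Constructed: the versions the KMES lists inside the "kmes-signing-rsa" key group.
# The third sample version above is deliberately absent, as if it had been created in the vault.
KMES_KNOWN_VERSIONS = {
    "1a2b3c4d5e6f47089a0b1c2d3e4f5061",
    "7f8e9d0c1b2a43f58e6d7c8b9a0f1e2d",
}


def parse_kid(kid):
    """Split a Key Vault key identifier URL into (vault name, key name, version)."""
    u = urlparse(kid)
    parts = u.path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "keys":
        raise ValueError(f"not a Key Vault key identifier: {kid}")
    vault = u.netloc.split(".")[0]
    return vault, parts[1], parts[2]


def key_group_view(records, expected_vault, kmes_versions):
    """Map Key Vault key versions onto the KMES model: one key group per Key Vault key,
    one KMES key per version. Returns ({key name: group}, [findings])."""
    groups = {}
    findings = []
    for rec in records:
        vault, name, version = parse_kid(rec["key"]["kid"])
        kty = rec["key"]["kty"]
        if vault != expected_vault:
            findings.append(f"{name}/{version}: lives in vault {vault}, not {expected_vault}")
        # Key Vault reports HSM-protected keys as RSA-HSM / EC-HSM; plain RSA / EC is software-protected,
        # which does not match an Asymmetric HSM Protected key group.
        if not kty.endswith("-HSM"):
            findings.append(f"{name}/{version}: kty {kty} is software-protected, not HSM-protected")
        if version not in kmes_versions:
            findings.append(f"{name}/{version}: not in the KMES key group; material generated "
                            "in Key Vault cannot be pulled into the KMES")
        created = datetime.fromisoformat(rec["attributes"]["created"])
        group = groups.setdefault(name, {"versions": [], "current": None})
        group["versions"].append({
            "version": version,
            "created": created,
            "enabled": rec["attributes"]["enabled"],
            "kty": kty,
            "on_kmes": version in kmes_versions,
        })
    for group in groups.values():
        # Oldest first, as a rotation history; the current version is the newest enabled one.
        group["versions"].sort(key=lambda v: v["created"])
        enabled = [v for v in group["versions"] if v["enabled"]]
        group["current"] = enabled[-1]["version"] if enabled else None
    return groups, findings


if __name__ == "__main__":
    groups, findings = key_group_view(SAMPLE_VERSIONS, "kmes-demo-kv", KMES_KNOWN_VERSIONS)
    for name, group in groups.items():
        print(f"key group {name} (current version {group['current']})")
        for v in group["versions"]:
            flag = "" if v["on_kmes"] else "  [vault-generated, not on KMES]"
            print(f"  {v['version']}  {v['created'].date()}  enabled={v['enabled']}  {v['kty']}{flag}")
    for f in findings:
        print("finding:", f)
```

To run this against a real vault, collect the version identifiers with `az keyvault key list-versions --vault-name <vault> --name <key>` and fetch each record with `az keyvault key show`, using the same App Registration that the Cloud Credential holds so the check also proves that identity can read the key.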