Configure the KMES Series 3 for Integrating with Azure

this section covers creating a cloud credential and an azure key group on the {{k3}} create a cloud credential before beginning, gather the three ids ( tenant id , client id, and client secret ) that you collected for the app registration in azure then, perform the following steps to create a cloud credential on the {{k}} log in to the {{k}} application interface with the default admin identities navigate to identity management > cloud credentials and select \[ add cloud credential ] select azure app registration from the service drop down menu enter a name for the cloud credential and enter the client secret , tenant id , and client id values from the app registration for the client secret , you can choose to import it as a plain text file select \[ ok ] to finish creating the cloud credential create a new key group the key group that you create on the {{k}} in this section is essentially the key in the azure key vault azure key vault holds keys, and each key has versions in the {{k}} , this is equivalent to the key group representing your key and the keys inside that group representing versions of that key furthermore, the {{k}} only shows keys for which key material was created on the {{k}} pulling private key data generated entirely on the key vault is not possible perform the following steps to create a key group go to key management > keys and select \[ create ] select an asymmetric hsm protected key group and select \[ ok ] select azure app registration from the service drop down menu name the key group (this is the name of the key on the key vault), select the cloud credential created earlier, and set the key type , rotation policy , and key usages select the azure properties tab and type in the name of the key vault that you created in the previous section select \[ ok ] to finish creating the key group