Configure Azure Key Vault

Abstract

This topic describes how you use the Azure Key Vault to store the encryption keys used to configure the Always Encrypted feature when you use Azure SQL.

This topic describes how you use the Azure Key Vault to store the encryption keys used to configure the Always Encrypted feature for Azure SQL.

To configure Azure Key Vault:

  1. Remove the .disabled extension from the

    sc.Xdb.Collection.Data.Sql.KeyStoreProviders.xml.disabled file. This enables the configuration in the file.

  2. In the xconnect\App_Data\Config\Sitecore\Collection\sc.Xdb.Collection.Data.Sql.KeyStoreProviders.xml file, replace the value of the <ClientIdAppSettingsKey> and <ClientSecretAppSettingsKey> settings with the appropriate values from the xconnect\App_Data\Config\Sitecore\Collection\sc.Xdb.Collection.Data.Sql.KeyStoreProviders.xml file.

    Note

    If you use the default names for the applications settings and you have no custom code that requires these settings, you can use the new default names of the application settings AzureKeyVaultClientId and AzureKeyVaultClientSecret in the xconnect\ App_Config\AppSettings.config file.

  3. Add the .disabled extension to the xconnect\App_Data\Config\Sitecore\Collection\sc.Xdb.Collection.Data.Sql.KeyStoreProviders.xml file. This disables the configuration in the file.

For more information about Azure Key Vault, see Microsoft’s documentation.