For authentication purposes, the platform
- For more information, see https://azure.microsoft.com/en-us/services/key-vault/.
Please complete the following sections to create and configure your Azure Key Vault.
Create a Key Vault resource in Azure
Configure Key Vault for WASB
Create WASB access token
If you are enabling access to WASB, you must create this token within the Azure Portal.
For more information, see https://docs.microsoft.com/en-us/rest/api/storageservices/delegating-access-with-a-shared-access-signature.
You must specify the storage protocol (wasbs) used by the platform.
Configure Key Vault key and secret for WASB
In the Key Vault, you can create key and secret pairs for use.
Base Storage Layer | Description | ||
---|---|---|---|
ADLS | The
Please skip this section and populate the Key Vault URL into the
| ||
WASB | For WASB, you must create key and secret values that match other values in your Azure configuration. Instructions are below. |
WASB: To enable access to the Key Vault, you must specify your key and secret values as follows:
Item | Applicable Configuration |
---|---|
key | The value of the key must be specified as the |
secret | The value of the secret should match the shared access signature for your storage. This value is specified as |
Acquire shared access signature value:
In the Azure portal, please do the following:
- Open your storage account.
- Select Shared Access Signature.
- Generate or view existing signatures.
- For a new or existing signature, copy the SAS token value. Omit the leading question mark (?).
- Paste this value into a text file for safekeeping.
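The copied value can be checked offline before it is stored as a Key Vault secret. The following is an added example, not part of the original documentation: the function name check_sas_token and the sample token are constructed, and it assumes an account SAS that uses the standard sv, sp, se, spr and sig query parameters.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

REQUIRED = ("sv", "sp", "se", "sig")  # version, permissions, expiry, signature
SE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")

# Constructed sample, shaped like a token copied from the portal (not a real signature).
SAMPLE = ("?sv=2022-11-02&ss=b&srt=sco&sp=rwl&se=2030-01-01T00:00:00Z"
          "&spr=https&sig=CONSTRUCTED%2Bsignature%3D")

def _parse_expiry(value):
    """Parse the se field in any of the ISO 8601 UTC forms a SAS may use."""
    for fmt in SE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def check_sas_token(raw, now=None):
    """Return (token_without_question_mark, findings) for a copied SAS token."""
    now = now or datetime.now(timezone.utc)
    token = raw.strip()
    findings = []
    if token.startswith("?"):
        # The secret must hold the token without the leading question mark.
        token = token[1:]
        findings.append("leading '?' removed")
    fields = {k: v[0] for k, v in parse_qs(token, keep_blank_values=True).items()}
    for name in REQUIRED:
        if not fields.get(name):
            findings.append(f"missing field: {name}")
    if fields.get("se"):
        expiry = _parse_expiry(fields["se"])
        if expiry is None:
            findings.append("unparseable expiry (se)")
        elif expiry <= now:
            findings.append("token expired")
    # wasbs runs over TLS; when spr is absent the token also permits plain HTTP.
    if fields.get("spr", "https,http") != "https":
        findings.append("token not restricted to https (spr)")
    return token, findings

if __name__ == "__main__":
    _, notes = check_sas_token(SAMPLE)
    print(notes)  # the token itself is deliberately not printed
```

Only the findings are printed, so the signature does not end up in terminal history or logs.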
Create a custom key:
To create a custom key and secret pair for WASB use by the platform:
- On an existing or newly created Azure Key Vault resource, click Secrets.
- At the top of the menu, click Generate/Import.
- In the Create a secret menu:
  - Select Manual for upload options.
  - Choose an appropriate name for the key.
    NOTE: Please retain the name of the key for later use, when it is applied through the platform as the sasTokenId value. Instructions are provided later.
  - Paste the SAS token value for the key into the secret field.
  - Click Create.
Configure Key Vault Location
For ADLS or WASB, the location of the Azure Key Vault must be specified for the platform.
Steps:
- Log in to the Azure portal.
- Select the Key Vault resource.
- Click Properties.
- Locate the DNS Name field. Copy the field value.
This value is the location for the Key Vault. It must be applied in the platform.
Steps:
- Specify the URL in the following parameter:
  "azure.keyVaultURL": "<your key value URL>",
Apply SAS token identifier for WASB
If you are using WASB as your base storage layer, you must apply the SAS token value into the configuration of the platform.
Steps:
- Paste the value of the SAS Token for the key you created in the Key Vault as the following value:
  "azure.wasb.defaultStore.sasTokenId": "<your Sas Token Id>",
- Save your changes.
Configure Secure Token Service
Access to the Key Vault requires use of the secure token service (STS) from the platform.
NOTE: Except in rare cases, the other properties for secure token service do not need to be modified.
Property | Description |
---|---|
"secure-token-service.autorestart" | Set this value to |
"secure-token-service.port" | Set this value to 8090. |
"com.trifacta.services.secure_token_service.refresh_token_encryption_key" | Enter a base64 string to serve as your encryption key for the refresh token of the secure token service. A default encryption key is inserted for you. |
"secure-token-service.userIdHashingPepper" | Enter a base64 string. |