How to setup Azure Key Vault with Dynamics 365 for Finance and Operations

Azure Key Vault is a service that allows you to store secret keys, like passwords or certificates for external web-services, to be used by your different apps. When stored in Key Vault, none of your apps need to know details about or store these secrets by themselves. No more passwords laying around in code, in your version control system, in configuration files etc.

You can read more about Key Vault here.

Dynamics 365 for Finance and Operations has integration with key vault. It's just not very well documented and for now it seems only used a few places for integrations with different authorities.

I can't find any documentation on docs about the setup of Key Vault with Dynamics 365 for Finance and Operations, but I was able to find this support guide in stead: https://support.microsoft.com/en-us/help/4040294/maintaining-azure-key-vault-storage

If you follow the guide you'll be able to do the necessary setup on Azure.

In Dynamics you can find the setup form under System administration / Setup / Key vault parameters:


Let's try to figure out how to add a configuration to this form.

I have created a key vault called "PallesVault":


The "DNS Name" from the vault is what you enter in the "Key Vault URL" field.

I have registered my Dynamics instance as an app, as described in the support article. And I have added a Key to the registration. The Application Id and the secret key I have added goes into the "Key vault client" and "Key vault secret key" fields.


I have added single secret to my vault, which is my phone number ("Telefonnummer" is danish for phone number):


The address of the secret goes into the "Secret" field, as "vault://pallesvault/PallesTelefonnummer"

So, to get the value of this key from Dynamics the setup looks like this:



And here is some quick and dirty test code:

public static void main(Args _args) 

    KeyVaultCertificateTable keyVaultCertificateTable; 

    select firstonly KeyVaultCertificateTable 
        where KeyVaultCertificateTable.Name == "Telefon"; 

    str secretValue = KeyVaultCertificateHelper::getManualSecretValue(KeyVaultCertificateTable.RecId); 

    info (secretValue); 
}

In regards to pricing for the key vault, there is a Standard and a Premium tier. Standard is nearly free and Premium will set you back around 1$ a month.

Go secure your secret keys.
Comment List
Related
Recommended