update azure docs (#16819)

Milena Zlaticanin
2022-08-29 14:55:37 -05:00
committed by GitHub
parent a805ccbf2a
commit e75173a894
2 changed files with 1 additions and 34 deletions

@@ -37,8 +37,7 @@ service principals. Environment variables will override any parameters set in th
- `password_policy` `(string: "")` - Specifies a [password policy](/docs/concepts/password-policies) to
use when creating dynamic credentials. Defaults to generating an alphanumeric password if not set.
- `use_microsoft_graph_api` `(bool: true)` - Indicates whether the secrets engine should use the
[Microsoft Graph API](https://docs.microsoft.com/en-us/graph/use-the-api). If set to false, this will use the Azure
Active Directory API which has been [deprecated by Microsoft and will be removed in 2022](https://docs.microsoft.com/en-us/graph/migrate-azure-ad-graph-faq).
[Microsoft Graph API](https://docs.microsoft.com/en-us/graph/use-the-api).
If set to true, the user specified via the `client_id` and `client_secret` will need to have the following permissions
under the **Microsoft Graph API**:
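Review bot: the reworded `use_microsoft_graph_api` entry no longer says what happens when the value is false, yet the parameter is still documented as `(bool: true)` and the following sentence still begins "If set to true". Either state whether false is still accepted and what it does, or mark the parameter as deprecated and drop the conditional so the Microsoft Graph permission list reads as an unconditional requirement.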

@@ -225,38 +225,6 @@ principal using the Azure portal:
- "Owner" role
### AAD (Azure Active Directory)
~> Microsoft is shutting down their Azure Active Directory API and will be retiring it in 2022. If you are currently using this secret engine, you will need to update the
credentials to include Microsoft Graph API permissions and specify the
`use_microsoft_graph_api` configuration value as true. See the
[API Docs](/api-docs/secret/azure#use_microsoft_graph_api) for more details.
As part of the retirement of Azure Active Directory, new service principals can no longer
be granted Azure Active Directory permissions using the Azure Portal. To add the neccessary
API permissions for AAD, the Azure CLI is suggested. The following commands will add the
correct privileges to an existing service principal:
```shell
APP_ID='<App ID Here>'
az ad app permission add \
--id ${APP_ID?} \
--api 00000002-0000-0000-c000-000000000000 \
--api-permissions \
1cda74f2-2616-4834-b122-5cb1b07f8a59=Role \
78c8a3c8-a07e-4b9e-af1b-b5ccab50a175=Role \
970d6fa6-214a-4a9b-8513-08fad511e2fd=Scope \
311a71cc-e848-46a1-bdf8-97ff7156d8e6=Scope
az ad app permission grant --id ${APP_ID?} --api 00000002-0000-0000-c000-000000000000
```
Additionally the following IAM roles are required and need to be added to the service
principal using the Azure portal:
- "Owner" role
### Migrating From AAD To Microsoft Graph
In this example we will migrate the Azure secret engine from using Azure Active Directory
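Review bot: the "### Migrating From AAD To Microsoft Graph" section is kept directly after the removed "### AAD (Azure Active Directory)" section, so the page no longer carries the notice that the Azure Active Directory API is being retired and that existing users must set `use_microsoft_graph_api` to true. Consider keeping a one-line notice at the top of the migration section with the link to `/api-docs/secret/azure#use_microsoft_graph_api`. Since the removed `az ad app permission add` commands are what granted the AAD permissions, the migration text is also the natural place to tell operators to remove those grants from the service principal once they have switched, if it does not already say so.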