Step 3 - Add secrets in Key Vault

    3.1 - Azure Storage Connection String

    To give Glasswall Halo access to the reporting storage account ('saname'), its connection string must be stored in Key Vault.

    • You can retrieve the connection string through the Azure Portal or via the Azure CLI, as shown in the example below. Replace ${saname} and ${rgp} with your storage account name and resource group.
    az storage account show-connection-string --name "${saname}" -g "${rgp}"

    • Enter your connection string (highlighted in the screenshot) by replacing ${saconnstring}, and enter your Key Vault by replacing ${kvname} (as below).
    az keyvault secret set --name "azure-storage-connectionstring" --vault-name "${kvname}" --value "${saconnstring}"

    3.2 - MongoDB Connection String

    To enable Glasswall Halo's Policy API to create and access the policies in MongoDB, the MongoDB connection string must be stored in Key Vault.

    • You can retrieve the CosmosDB connection string (MongoDB compatible) through the Azure Portal or via the Azure CLI as shown in the example below.

      Note: remember to enter your Cosmos DB Account Name and Resource Group.

      The command returns a list of 4 connection strings. You may use either of the first 2 connection strings. You cannot use the Read-Only connection strings.
    az cosmosdb list-connection-strings --name "${cosmosdb_name}" -g "${rgp}"
    
    • Enter your connection string (highlighted in the screenshot) by replacing ${mongodb_connstring}, and enter your Key Vault by replacing ${kvname} (as below).
    az keyvault secret set --name "mongodb-connectionstring" --vault-name "${kvname}" --value "${mongodb_connstring}"
    

    Add the MongoDB passwords to Azure Key Vault as secrets

    Note: if you have previously configured and set up MongoDB within Azure and have created your MongoDB connection string as listed above, you can skip this step.

    If not, to enable Glasswall Halo's Policy API to create and manage the policies in MongoDB, and the Asynchronous API to create and manage the requests, MongoDB needs to be deployed using the Helm charts listed in Step 8.

    The MongoDB Helm chart creates two users. Set each user's password in the corresponding Key Vault secret.

    az keyvault secret set --name "mongodb-cdrp-password" --vault-name "${kvname}" --value "<cdrp-user-password>"
    az keyvault secret set --name "mongodb-admin-password" --vault-name "${kvname}" --value "<admin-user-password>"

    3.3 - Menlo API Key

    To enable API key-based authentication in the Menlo API, add a secret named menlo-api-key containing the API key you would like to use.

    az keyvault secret set --name "menlo-api-key" --vault-name "${kvname}" --value "<strong-api-key>"
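
The commands above pass each secret with --value, which leaves it in shell history and the process list, and the CLI prints the stored secret back by default. The following is an added example, not part of the original guide, that generates the MongoDB passwords and the Menlo API key and stores them through --file instead; the script name, the helper function names and the choice of random hex values are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide. Assumes the Azure CLI is
# logged in and ${kvname} holds your Key Vault name, as in the commands above.
set -eu

# gen_secret: print 64 hex characters (32 bytes from the kernel CSPRNG).
gen_secret() {
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# put_secret NAME: read the value from stdin and store it as secret NAME.
# The value travels through a mode-600 temp file and --file, so it is never
# in argv (shell history, `ps`). --output none stops the CLI from printing
# the stored value back to the terminal.
put_secret() (
  : "${kvname:?set kvname to your Key Vault name}"
  umask 077
  tmp="$(mktemp)"
  cat > "$tmp"
  rc=0
  az keyvault secret set --name "$1" --vault-name "${kvname}" \
    --file "$tmp" --encoding utf-8 --output none || rc=$?
  rm -f "$tmp"          # remove the plaintext copy whether or not az succeeded
  exit "$rc"
)

# put_generated NAME...: store a fresh random value under each secret name.
put_generated() {
  for name in "$@"; do
    gen_secret | put_secret "$name"
  done
}

# Run as: kvname=<your-vault> sh store-secrets.sh --apply
# (store-secrets.sh is a hypothetical file name for this script.)
# Assumption: the MongoDB passwords and the Menlo API key are yours to choose.
if [ "${1:-}" = "--apply" ]; then
  put_generated mongodb-cdrp-password mongodb-admin-password menlo-api-key
fi
```

Skip the two MongoDB names if you already stored a CosmosDB connection string in 3.2, as the note above says.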
    


     

