Ataccama ONE Agentic Cloud Portal ONE Desktop ONE DQ&C ONE MDM ONE RDM ONE Runtime Server
latest (17.0.0) 16.3.0 16.2.0 16.1.0 16.0.0 15.4.0 15.3.0 15.2.0 15.1.0 14.5.x 13.9.x 13.8.x 13.7.x 13.6.x 13.5.0 13.4.x 13.3.x 13.2.x
User Community Service Desk Downloads

Azure Key Vault Integration

Integrate ONE with Azure Key Vault to retrieve secrets when connecting to data sources.

This page includes references to Azure AD, which you might also know as Microsoft Entra ID.

Create new Azure Key Vault integration

  1. Go to Global Settings > Application Settings > Secret Management.

    Add new service

  2. Select Add.

  3. Provide the following information:

    • General

      1. Provider: The key vault or secret manager you are connecting to. Select Azure Key Vault.

      2. Name: A unique name for this service.

      3. URL: The complete URL of the Azure Key Vault.

      4. Description (Optional): A description for this service.

    • Authentication method: Select from the options provided.

      • Azure AD Client Credential

        1. Tenant ID: The unique identifier of the Azure AD instance within your Azure subscription (string). Also known as 'directory' ID. This takes the following form (GUID): ab12c456-789d-01ef-gg22-3h44i5jkl67m.

        2. Client ID: The unique identifier of the application created in Azure AD (string). Also known as Application ID. This takes the following form (GUID): cd12e456-789f-01gh-ii22-3j44k5lmn67o.

        3. Client secret: The client secret for Azure Key Vault (string).

      • Azure AD Managed Identity:

        1. Client ID (Optional): The authentication key string associated with the selected managed identity.

          If you want to use Azure AD Managed Identity, the Data Processing Engine (DPE) must be installed in your Azure cloud subscription on a virtual machine (VM) instance, and a Managed Role must be assigned in the Microsoft Azure Portal. To fulfill this requirement, if you are using Cloud Portal, the DPE must be installed in hybrid mode. See Kubernetes-Based Hybrid DPE Deployment Guide.

          If you have multiple DPEs running, you might need to specify additional constraints. See Constraints Configuration.

  4. Select Test to test the connection.

    Test connection

    If the connection is successful, select Save. Otherwise, verify that your configuration is correct.

Usage examples

Example using username and password

  1. In Data Catalog > Sources > [your source] > Add Connection, select Add Credentials.

  2. Select Credential type from the options provided:

    • Username and password

      Configure credentials username and password

      1. Name: A unique name for this set of credentials.

      2. Description (Optional): A description for this service.

      3. Select a secret management service: Select the Azure Key Vault you configured.

      4. Username

        1. Select the Use secret management service option.

          You can enable Use secret management service to retrieve the username, but it is not necessary as usernames can generally be shared and entered manually.

        2. Username (secret name): Enter the name under which the password is stored in your key vault.

      5. Password

        1. Select the Use secret management service option.

        2. Password (secret name): Enter the name under which the password is stored in your key vault. For example, oracle-prod-password.

          Essentially, the secret name is the name the password is stored under in your key vault or secret manager.
          Example key vault

  3. Select Test to test the connection. If the connection is successful, select Save. Otherwise, verify that your configuration is correct.

Example using Azure AD Client Credential

  1. In Data Catalog > Sources > [your source] > Add Connection, select Add Credentials.

  2. Select Credential type from the options provided:

    • Azure AD Client Credential

      Configure credentials Azure AD

      1. Name: A unique name for this set of credentials.

      2. Description (Optional): A description for this service.

      3. Select a secret management service: Using the dropdown options, select the secret management service in which the required secrets are contained.

      4. Client ID:

        1. Select the Use secret management service option.

        2. Client ID (secret name): Enter the name under which the Client ID is stored in your key vault. For example, adls-container-client-id.

          The secret name is the name the respective Client ID, Client Secret, and other parameters, are stored under in your key vault or secret manager.
          Example key vault

      5. Client secret:

        1. Select the Use secret management service option.

        2. Client Secret (secret name): Enter the name under which the Client Secret is stored in your key vault. For example, adls-container-client-secret.

      6. Tenant ID: The unique identifier of the Azure AD instance within your Azure subscription (string). Also called its 'directory' ID.

  3. Select Test to test the connection. If the connection is successful, select Save. Otherwise, verify that your configuration is correct.

Was this page useful?