...
The identity that is used has to be given permissions to access the Azure Key Vault where the secret is configured. Both the name of the Key Vault and the Secret name have to be provided to the Delft-FEWS Components using ENV variables.
Azure Configuration
To be able to use the Key Vault integration in a Virtual Machine (or other Azure deployments that support user assigned identities, like Azure Kubernetes), the VM needs to be assigned a User assigned identiy.
In the following example one identity is assigned.
Key Vault Configuration
In Azure Key Vault, the user assigned identity has to be assigned the "Key Vault Secrets User". See the following example.
Configure Delft-FEWS Components to use Azure Key Vault
...
Only prefix FEWS_ is supported. And only one FSS can be run, so INDEX_1 has to be used. Example ENV variables:
| Code Block |
|---|
FEWS_FSS_INDEX_1_CLIENT_CONFIG_FILE_NAME="fss_clientConfig.xml" FEWS_FSS_INDEX_1_GROUP="linux" FEWS_DATABASE_URL_SECRET_NAME="databaseUrlWithUsernameAndPassword" FEWS_AZURE_KEY_VAULT_NAME="fews-key-vault" |
...