...
The identity that is used has to be given permissions to access the Azure Key Vault where the secret is configured. Both the name of the Key Vault and the Secret name have to be provided to the Delft-FEWS Components using ENV variables.
Azure Configuration
In the following screenshot a keyvault with the name "fews-fss-scaling-kv" is shown that contains several secrets. In this case the secret called databaseUrlWIthUsernameAndPassword is used as an example.
The value of the databaseUrlWIthUsernameAndPassword secret is similar to:
jdbc:sqlserver://mydatabaseserver:1433;database=fewsfsscalingmc00;user=myuser;password=dymmy;encrypt=true;
So the secret contains a JDBC URL including the username and password required to connect to the database.
To be able to use the Key Vault integration in a Virtual Machine (or other Azure deployments that support user assigned identities, like Azure Kubernetes), the VM needs to be assigned a User assigned identiy.
...