...
*prefix*DATABASE_URL_SECRET_NAME (name of the secret in the key vault)
*prefix*AZURE_KEY_VAULT_NAME (name of the key vault)
*prefix*AZURE_KEY_VAULT_CLIENT_ID (client id of the managed identity that has access to the key vault. Only required if multiple identities have been assigned to a VM, for example a system-assigned and a user-assigned identity)
The prefix for MC and FSS is ALWAYS FEWS_
...
Code Block |
---|
FEWS_AI_DATABASE_URL_SECRET_NAME=databaseUrlWithUsernameAndPassword
FEWS_AI_AZURE_KEY_VAULT_NAME=fews-fss-scaling-kv
FEWS_AI_AZURE_KEY_VAULT_CLIENT_ID=my-optional-client-id |
If OpenID Connect is used to log in to the Admin Interface, it is also possible to get the client secret from the Azure Key Vault. This is possible since 2024.01.
The ENV variable FEWS_AI_AZURE_KEY_VAULT_NAME has to be set for this case as well. In case the secret that is used is named Oauth2ClientSecret in the key vault, the ENV variable FEWS_AI_AUTHENTICATION_OAUTH2_CLIENT_SECRET_NAME can be used to get the secret from the Azure Key Vault.
Code Block |
---|
FEWS_AI_AUTHENTICATION_OAUTH2_CLIENT_SECRET_NAME=Oauth2ClientSecret |
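A pre-deployment check for the variable scheme described above, as an added example that is not part of the Delft-FEWS software or documentation. The function name `check_keyvault_env` and the sample values are assumptions made for illustration; the naming rules it enforces are the Azure Key Vault rules for vault and secret names.

```python
import re

# Variable suffixes taken from this page; each holds the NAME of a secret.
SECRET_NAME_SUFFIXES = (
    "DATABASE_URL_SECRET_NAME",
    "AUTHENTICATION_OAUTH2_CLIENT_SECRET_NAME",
    "DATABASE_AUTHENTICATION_OAUTH2_CLIENT_SECRET_NAME",
)
# Azure naming rules. Vault: 3-24 chars, letters/digits/hyphens, starts with a
# letter, ends with a letter or digit, no "--". Secret: 1-127 chars,
# letters/digits/hyphens.
VAULT_RE = re.compile(r"[A-Za-z](?!.*--)[0-9A-Za-z-]{1,22}[0-9A-Za-z]")
SECRET_RE = re.compile(r"[0-9A-Za-z-]{1,127}")


def check_keyvault_env(env, prefix):
    """Return the problems found for one component prefix (empty list = OK)."""
    names = {s: env[prefix + s] for s in SECRET_NAME_SUFFIXES if prefix + s in env}
    if not names:
        return []  # this component does not read secrets from the key vault
    problems = []
    vault = env.get(prefix + "AZURE_KEY_VAULT_NAME")
    if vault is None:
        problems.append(f"{prefix}AZURE_KEY_VAULT_NAME is not set")
    elif not VAULT_RE.fullmatch(vault):
        # Also catches values that still carry literal quote characters.
        problems.append(f"{prefix}AZURE_KEY_VAULT_NAME is not a valid vault name")
    for suffix, value in names.items():
        if not SECRET_RE.fullmatch(value):
            # Likely the secret itself (URL, password); never echo the value.
            problems.append(f"{prefix}{suffix} is not a valid secret name")
    return problems


# Constructed sample input: the Admin Interface values from this page.
GOOD_ENV = {
    "FEWS_AI_DATABASE_URL_SECRET_NAME": "databaseUrlWithUsernameAndPassword",
    "FEWS_AI_AZURE_KEY_VAULT_NAME": "fews-fss-scaling-kv",
    "FEWS_AI_AUTHENTICATION_OAUTH2_CLIENT_SECRET_NAME": "Oauth2ClientSecret",
}
# Constructed failure case: credentials pasted into the variable, no vault name.
BAD_ENV = {
    "FEWS_AI_DATABASE_URL_SECRET_NAME": "jdbc:postgresql://user:pw@db.example.invalid/fews",
}

if __name__ == "__main__":
    for label, env in (("good", GOOD_ENV), ("bad", BAD_ENV)):
        print(label, check_keyvault_env(env, "FEWS_AI_") or "OK")
```

Pass `dict(os.environ)` and the component's prefix to run the same check on the target machine before the service starts.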
Master Controller
Only the prefix FEWS_ is supported. Only one MC can be used per Virtual Machine. Example ENV variables:
Code Block |
---|
FEWS_DATABASE_URL_SECRET_NAME=databaseUrlWithUsernameAndPassword
FEWS_AZURE_KEY_VAULT_NAME=fews-fss-scaling-kv
FEWS_AZURE_KEY_VAULT_CLIENT_ID=my-optional-client-id |
Forecasting Shell Server
Only prefix FEWS_ is supported. Example ENV variables:
Code Block |
---|
FEWS_FSS_INDEX_1_CLIENT_CONFIG_FILE_NAME=fss_clientConfig.xml
FEWS_FSS_INDEX_1_GROUP=linux
FEWS_DATABASE_URL_SECRET_NAME=databaseUrlWithUsernameAndPassword
FEWS_AZURE_KEY_VAULT_NAME="fews-fss-scaling-kv"
FEWS_AZURE_KEY_VAULT_CLIENT_ID=my-optional-client-id |
Web Services
Example ENV variables:
Code Block |
---|
FEWS_WS_DATABASE_URL_SECRET_NAME=databaseUrlWithUsernameAndPassword
FEWS_WS_AZURE_KEY_VAULT_NAME=fews-fss-scaling-kv
FEWS_WS_AZURE_KEY_VAULT_CLIENT_ID=my-optional-client-id |
Database Proxy
Example ENV variables:
Code Block |
---|
FEWS_DATABASE_URL_SECRET_NAME=databaseUrlWithUsernameAndPassword
FEWS_AZURE_KEY_VAULT_NAME=fews-fss-scaling-kv
FEWS_AZURE_KEY_VAULT_CLIENT_ID=my-optional-client-id |
If OpenID Connect is used to log in to the Database Proxy, it is also possible to get the client secret from the Azure Key Vault. This is possible since 2024.01.
The ENV variable FEWS_AZURE_KEY_VAULT_NAME has to be set for this case as well. In case the secret that is used is named Oauth2ClientSecret in the key vault, the ENV variable FEWS_AI_AUTHENTICATION_OAUTH2_CLIENT_SECRET_NAME can be used to get the secret from the Azure Key Vault.
Code Block |
---|
FEWS_DATABASE_AUTHENTICATION_OAUTH2_CLIENT_SECRET_NAME=Oauth2ClientSecret |
Project Manager
Example ENV variables:
Code Block |
---|
FEWS_PM_DATABASE_URL_SECRET_NAME=databaseUrlWithUsernameAndPassword
FEWS_AZURE_KEY_VAULT_NAME=fews-fss-scaling-kv
FEWS_AZURE_KEY_VAULT_CLIENT_ID=my-optional-client-id |
For the project manager, it is also possible to get the client secret from the Azure Key Vault. This is possible since 2024.01.
The ENV variable FEWS_PM_AZURE_KEY_VAULT_NAME has to be set for this case as well. In case the secret that is used is named Oauth2ClientSecret in the key vault, the ENV variable FEWS_AI_AUTHENTICATION_OAUTH2_CLIENT_SECRET_NAME can be used to get the secret from the Azure Key Vault.
Code Block |
---|
FEWS_PM_AUTHENTICATION_OAUTH2_CLIENT_SECRET_NAME=Oauth2ClientSecret |
Archive Server
For an archive server that is configured with OIDC login, it is also possible to get the client secret from the Azure Key Vault. This is possible since 2024.01. In the archiveServerConfig.xml, the clientSecretKeyVaultName element should be used instead of the clientSecret element. For example:
Code Block |
---|
<arc:clientSecretKeyVaultName keyVault="fews-fss-scaling-kv">Oauth2FrontEndClientSecret</arc:clientSecretKeyVaultName> |
Global Properties
Azure Secrets can also be used in the global properties of a Forecasting Shell Server or the Web Services.
...