Introduction

Azure Key Vault is a service provided by Azure to manage secrets. All Delft-FEWS components that connect to the database with a JDBC URL can now use Azure Key Vault to store the JDBC URL including the username and password as a secret.

A Virtual Machine or Container that runs in Azure must have a user-assigned managed identity. See: https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-manage-user-assigned-managed-identities

The identity that is used has to be given permissions to access the Azure Key Vault where the secret is configured. Both the name of the Key Vault and the Secret name have to be provided to the Delft-FEWS Components using ENV variables.

Configure Delft-FEWS Components to use Azure Key Vault

The Key Vault environment variables follow this convention:

*prefix*DATABASE_URL_SECRET_NAME
*prefix*AZURE_KEY_VAULT_NAME

The prefix for MC and FSS is always FEWS_.


Admin Interface

Example ENV variables:

FEWS_AI_DATABASE_URL_SECRET_NAME=databaseUrlWithUsernameAndPassword
FEWS_AI_AZURE_KEY_VAULT_NAME=fews-key-vault

Master Controller

Only the prefix FEWS_ is supported. This means only one MC can be used per Virtual Machine and the MC subfolder will be created. Example ENV variables:

FEWS_DATABASE_URL_SECRET_NAME="databaseUrlWithUsernameAndPassword"
FEWS_AZURE_KEY_VAULT_NAME="fews-key-vault"

Forecasting Shell Server

Only the prefix FEWS_ is supported, and only one FSS can be run, so INDEX_1 has to be used. Example ENV variables:

FEWS_FSS_INDEX_1_CLIENT_CONFIG_FILE_NAME="fss_clientConfig.xml"
FEWS_FSS_INDEX_1_GROUP="linux"
FEWS_DATABASE_URL_SECRET_NAME="databaseUrlWithUsernameAndPassword"
FEWS_AZURE_KEY_VAULT_NAME="fews-key-vault"

Web Services

Example ENV variables:

FEWS_WS_DATABASE_URL_SECRET_NAME=databaseUrlWithUsernameAndPassword
FEWS_WS_AZURE_KEY_VAULT_NAME=fews-key-vault

Database Proxy

Example ENV variables:

FEWS_DATABASE_URL_SECRET_NAME="databaseUrlWithUsernameAndPassword"
FEWS_AZURE_KEY_VAULT_NAME="fews-key-vault"

Project Manager

Example ENV variables:

FEWS_PM_DATABASE_URL_SECRET_NAME=databaseUrlWithUsernameAndPassword
FEWS_AZURE_KEY_VAULT_NAME=fews-key-vault
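
A preflight check for the ENV variables described in the sections above, as an added example that is not part of Delft-FEWS or its documentation. The helper names (kv_name_ok, secret_name_ok, kv_env_check, kv_access_check) are hypothetical; the functions take the names of the two variables so that each component's variables can be passed exactly as listed on this page. kv_access_check assumes the Azure CLI is installed and that a single managed identity is assigned to the machine.

```shell
# Added example: preflight check for the Key Vault ENV variables of one component.
# All function names here are hypothetical helpers, not Delft-FEWS commands.

# Azure Key Vault name: 3-24 chars, letters/digits/hyphens, starts with a letter,
# ends with a letter or digit, no consecutive hyphens.
kv_name_ok() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]$' || return 1
    case $1 in *--*) return 1 ;; esac
    return 0
}

# Key Vault secret name: 1-127 chars, letters/digits/hyphens only.
secret_name_ok() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9-]{1,127}$'
}

# kv_env_check SECRET_VAR VAULT_VAR
# Arguments are the *names* of the two ENV variables, for example:
#   kv_env_check FEWS_WS_DATABASE_URL_SECRET_NAME FEWS_WS_AZURE_KEY_VAULT_NAME
# Returns 0 when both are exported and well-formed; problems go to stderr.
kv_env_check() {
    rc=0
    secret=$(printenv "$1") || { echo "$1 is not set" >&2; rc=1; }
    vault=$(printenv "$2") || { echo "$2 is not set" >&2; rc=1; }
    [ "$rc" -eq 0 ] || return 1
    secret_name_ok "$secret" || { echo "$1: not a valid secret name" >&2; rc=1; }
    kv_name_ok "$vault" || { echo "$2: not a valid Key Vault name" >&2; rc=1; }
    return "$rc"
}

# kv_access_check SECRET_VAR VAULT_VAR
# Run on the Azure VM or container itself: confirms that the managed identity
# can read the secret. Only the "enabled" attribute is printed, never the
# secret value (the JDBC URL with username and password).
kv_access_check() {
    kv_env_check "$1" "$2" || return 1
    az login --identity --output none || return 1
    az keyvault secret show \
        --vault-name "$(printenv "$2")" --name "$(printenv "$1")" \
        --query attributes.enabled --output tsv
}
```

Run kv_env_check before starting a component and kv_access_check once after granting the identity access to the vault; a failure of the second with a valid configuration points at missing permissions on the Key Vault.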


Global Properties

Azure Secrets can also be used in the global properties of a Forecasting Shell Server or the Web Services.

For example, to configure a password that is required during an import, the property can be configured as follows:

importPassword=%SECRET(azureSecretName)%

