Skip to main content

Configure Azure Key Vault

For authentication purposes, the Designer Cloud Powered by Trifacta platform must be integrated with an Azure Key Vault keystore.

Please complete the following sections to create and configure your Azure Key Vault.

Create a Key Vault resource in Azure

Please complete the following steps in the Azure portal to create a Key Vault and to associate it with the Alteryx registered application.

Note

A Key Vault is required for use with the Designer Cloud Powered by Trifacta platform.

Create Key Vault in Azure

Steps:

  1. Log into the Azure portal.

  2. Goto: https://portal.azure.com/#create/Microsoft.KeyVault

  3. Complete the form for creating a new Key Vault resource:

    1. Name: Provide a reasonable name for the resource. Example:

      <clusterName>-<applicationName>-<group/organizationName>

      Or, you can use trifacta.

    2. Location: Pick the location used by the cluster.

    3. For other fields, add appropriate information based on your enterprise's preferences.

  4. To create the resource, click Create.

    Note

    Retain the DNS Name value for later use.

Enable Key Vault access for the Designer Cloud Powered by Trifacta platform

Steps:

In the Azure portal, you must assign access policies for application principal of the Alteryx registered application to access the Key Vault.

Steps:

  1. In the Azure portal, select the Key Vault you created. Then, select Access Policies.

  2. In the Access Policies window, select the Alteryx registered application.

  3. Click Add Access Policy.

  4. Select the following secret permissions (at a minimum):

    1. Get

    2. Set

    3. Delete

    4. Recover

  5. Select the Alteryx application principal.

  6. Assign the policy you just created to that principal.

Configure Key Vault for ADLS

For ADLS Gen2, the Designer Cloud Powered by Trifacta platform creates its own key-secret combinations in the Key Vault. No additional configuration is required.

Configure the Platform

Configure Key Vault location

The location of the Azure Key Vault must be specified for the Designer Cloud Powered by Trifacta platform. The location can be found in the properties section of the Key Vault resource in the Azure portal.

Steps:

  1. Log in to the Azure portal.

  2. Select the Key Vault resource.

  3. Click Properties.

  4. Locate the DNS Name field. Copy the field value.

This value is the location for the Key Vault. It must be applied in the Designer Cloud Powered by Trifacta platform.

Steps:

  1. You can apply this change through the Admin Settings Page (recommended) or trifacta-conf.json. For more information, see Platform Configuration Methods.

  2. Specify the URL in the following parameter:

    "azure.keyVaultURL": "<your key value URL>",

Configure Secure Token Service

Access to the Key Vault requires use of the secure token service (STS) from the Designer Cloud Powered by Trifacta platform. To use STS with Azure, several properties must be specified. For more information, see Configure Secure Token Service.

In this section: