Integration with Azure Key Vault
PAM360 integrates with Microsoft Azure Key Vault — a cloud service for managing SSL certificates. This integration enables users to request, renew, and manage the SSL certificates stored in the Azure Key Vault by importing them into the PAM360 repository. You can automatically renew certificate requests and automate the end-to-end lifecycle management of SSL/TLS certificates stored and managed in the Azure Key Vault, directly from the PAM360 web interface.
1. How does the PAM360 – Azure Key Vault Integration Work?
Let's say you manage a number of Key Vaults in the Azure portal and each of those Key Vaults contains a number of SSL certificates. PAM360 lets you add your Azure credentials in the product and then automatically imports the Key Vaults corresponding to your Azure credentials into the PAM360 repository. Once your Key Vaults are added, you may discover the certificates that are stored in the Key Vaults using the discovery operation. PAM360 allows you to create new certificate requests and renew the existing certificates that are both created in PAM360 and imported from Azure Key Vault. You can import and manage different versions of the same certificate from the Key Vaults.
Prerequisites:
2. Importing Azure Key Vaults
To import all key vaults that are being managed in the Azure portal, you must add your Azure credentials in PAM360. Follow the below steps:
Once your credentials are saved, all the key vaults that are related to the saved credential will be automatically imported into PAM360. All the imported vaults will be visible under the Key Vault tab. In case the key vaults are not imported, click the Sync button to manually kick-start the process. If you have any Issuer IDs saved in your Azure portal, press Sync and choose a Key Vault from the pop-up that appears. Now all the issuer certificates from the selected Key Vault will be listed under the Issuer tab.
3. Managing Certificates from Azure Key Vault
3.1 Discovering Certificates from Azure Key Vault
PAM360 enables you to discover, import, and configure expiry notifications for SSL certificates managed in the Azure portal.
Now all the certificates from the selected Azure Key Vault will be imported and populated in the Azure tab.
Note: Every version of a certificate is considered an individual certificate in PAM360 and therefore will impact your license count.
3.2 Creating a Certificate Request
PAM360 allows you to create SSL certificate requests for your Azure credential in the Azure Key Vault of your choice. You can even create new versions of existing certificates by providing the same certificate name. All the certificate requests created in PAM360 will be automatically updated in the Azure portal. Follow the below steps:
Once the request is created, go to the Request Status tab to view the status and other details pertaining to a certificate. To obtain the latest certificate from your request, click the Obtain Certificate option available beside the certificate. The following operations can be done on the certificates being managed from the Azure tab:
3.3 Renewing, Deleting, Filtering all Versions of Certificates
3.3.1 Renewing Certificates
PAM360 allows you to renew Azure certificates right from the PAM360 interface.
Notes: You cannot renew the following certificates:
3.3.2 Deleting Certificates
To delete certificates:
Notes: The certificate will be deleted only from the PAM360 interface, and this operation will not impact the certificate's status in the Azure portal.
3.3.3 Filtering Certificates
To filter versions of certificates, click the Show dropdown and choose from the options:
4. Azure TLS Secret Management from PAM360
As part of the integration, you can manage the Azure TLS secrets stored in Azure Key Vault alongside SSL certificates from PAM360. Additionally, PAM360 allows you to create new TLS secrets and deploy them to the desired Azure Key Vault.
Note: Only TLS secrets of the Azure Key Vault will be managed under Azure Secrets of PAM360.
4.1 Discovering TLS Secrets from Azure Key Vault
PAM360 lets you discover the TLS secrets stored in Azure Key Vault and manage them from one place. Follow the below steps to discover the TLS secrets from Azure Key Vault to PAM360.
4.2 Managing Azure TLS Secrets from PAM360
To effectively manage Azure TLS secrets using PAM360, follow these steps:
Note: Deleting an Azure TLS secret from PAM360 does not permanently remove it from Azure Key Vault. To delete the TLS secret permanently, you must do so from the Azure portal.