Integration with Azure Key Vault
Password Manager Pro integrates with Microsoft Azure Key Vault — a cloud service for managing SSL certificates. This integration enables users to request, renew, and manage the SSL certificates stored in the Azure Key Vault by importing them into the Password Manager Pro repository. You can automatically renew certificate requests and automate the end-to-end lifecycle management of SSL/TLS certificates stored and managed in the Azure Key Vault, directly from the Password Manager Pro web interface.
1. How does the Password Manager Pro - Azure Key Vault Integration Work?
2. Importing Azure Key Vault
3. Managing Certificates from Azure Key Vault
3.1 Discovering Certificates from Azure Key Vault
3.2 Creating a Certificate Request
3.3 Renewing, Deleting, Filtering all Versions of Certificates
1. How does the Password Manager Pro - Azure Key Vault Integration Work?
Let's say you manage a number of Key Vaults in the Azure portal and each of those Key Vaults contains a number of SSL certificates. Password Manager Pro lets you add your Azure credentials in the product and then automatically imports the Key Vaults corresponding to your Azure credentials into the Password Manager Pro repository. Once your Key Vaults are added, you may discover the certificates that are stored in the Key Vaults using the discovery operation. Password Manager Pro allows you to create new certificate requests and renew the existing certificates that are both created in Password Manager Pro and imported from Azure Key Vault. You can import and manage different versions of the same certificate from the Key Vaults.
Prerequisites:
- To perform the Password Manager Pro - Azure Key Vault integration, the following Azure Credentials are required: Application/client ID, Directory/tenant ID, Subscription ID, and client secret.
- You must provide API Access permission to the Key Vault from which you wish to import certificates into Password Manager Pro. The Key Vaults you are importing into Password Manager Pro must also have the following permissions: Key permissions, Secret permissions, Certificate permissions under Access Policies.
- The Key Vault owner must have permission to list the key vaults. To grant this, go to Access Control (IAM) >> Add >> Add role assignment and select Assign access to as User, group, or service principal.
2. Importing Azure Key Vault
To import all key vaults that are being managed in the Azure portal, you must add your Azure credentials in Password Manager Pro. Follow the steps below:
- Navigate to 'Certificates >> Azure'.
- Go to Manage and click Add.
- In the Add Azure Credentials pop-up, enter the following attributes:
  - Credential Name - enter a unique credential name
  - Subscription ID
  - Directory ID
  - Application ID
  - Key
- Click Save.
Once your credentials are saved, all the key vaults that are related to the saved credential will be automatically imported into Password Manager Pro. All the imported vaults will be visible under the Key Vault tab. In case the key vaults are not imported, click the Sync button to manually kick-start the process. If you have any Issuer IDs saved in your Azure portal, press Sync and choose a Key Vault from the pop-up that appears. Now all the issuer certificates from the selected Key Vault will be listed under the Issuer tab.
3. Managing Certificates from Azure Key Vault
3.1 Discovering Certificates from Azure Key Vault
Password Manager Pro enables you to discover, import, and configure expiry notifications for SSL certificates managed in the Azure portal.
- Navigate to 'Certificates >> Discovery >> Azure'.
- Choose the following attributes from the drop-downs:
  - Credential Name - The Azure credential from which you wish to import key vaults.
  - Key Vault - Choose the required key vault from which you wish to import certificates. In case you find that the certificates list is not fully updated, click the sync icon available beside the Key Vault drop-down to manually sync the certificate list from the Azure portal.
- Select the Import Previous Versions option to import all available versions of the certificates in the key vault. Click Import.
Now all the certificates from the selected Azure Key Vault will be imported and populated in the Azure tab.
Note: Every version of a certificate is treated as an individual certificate in Password Manager Pro and therefore counts toward your license.
3.2 Creating a Certificate Request
Password Manager Pro allows you to create SSL certificate requests in the required Azure key vault using your Azure credential. You can even create new versions of existing certificates by providing the same certificate name. All the certificate requests created in Password Manager Pro will be automatically updated in the Azure portal. Follow the steps below:
- Navigate to 'Certificates >> Azure' and click Request Certificate.
- Choose your Azure Credential and the required key vault from the dropdown.
- Provide attributes such as the certificate name, domain name, and SANs. You can add multiple SAN values separated by a comma.
- Enter an email address, choose a Key Algorithm and Key Size from the dropdowns and enter location details.
- Enter the certificate validity in months and choose a Lifetime Action from the dropdown. You can choose to either auto renew the certificate upon expiry or choose to send an email notification to your certificate contacts in the Azure portal.
- Enter the number of days before which the chosen Lifetime Action must be invoked.
- To add optional properties to the new certificate, click Advanced Options to expand the menu. Here, there are two categories of options, Key Usage and Extended Key Usage. Select the required options to set the preferred flags for the certificate to denote the purpose for which the new certificate may be used. The Key Usage options include Non Repudiation, Digital Signature, Data or Key Encipherment, Server/Client Authentication etc. You can choose the properties and mark them as critical by selecting the checkbox.
- After adding all the details, click Request Certificate. A new certificate request is created in both Password Manager Pro and the Azure portal.
Once the request is created, go to the Request Status tab to view the status and other details pertaining to a certificate. To obtain the latest certificate from your request, click the Obtain Certificate option available beside the certificate. The following operations can be done on the certificates being managed from the Azure tab:
- Obtain Certificate - This option retrieves the selected certificate from the Azure portal.
- Obtain History - This option retrieves all the versions of the selected certificate from the Azure portal.
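As an added illustration (not Password Manager Pro's own code), the example below maps the request-form fields from the steps above onto the certificate policy document that Azure Key Vault's REST API accepts, and rejects values Key Vault would refuse. It covers RSA keys only; the function name, the defaults and the sample hostnames are assumptions, and how Password Manager Pro builds its request internally is not described on this page.

```python
import json

# Extended Key Usage purposes are OIDs; Key Usage entries are named bits.
EKU_OIDS = {"serverAuth": "1.3.6.1.5.5.7.3.1", "clientAuth": "1.3.6.1.5.5.7.3.2"}
KEY_USAGES = {"digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment"}
RSA_SIZES = {2048, 3072, 4096}  # RSA key sizes Key Vault accepts
LIFETIME_ACTIONS = {"AutoRenew", "EmailContacts"}


def build_policy(domain, sans, key_size, validity_months, action, days_before,
                 key_usage=("digitalSignature", "keyEncipherment"),
                 ekus=("serverAuth",), issuer="Self"):
    """Return a Key Vault certificate policy dict, or raise ValueError."""
    if key_size not in RSA_SIZES:
        raise ValueError(f"unsupported RSA key size: {key_size}")
    if action not in LIFETIME_ACTIONS:
        raise ValueError(f"unknown lifetime action: {action}")
    # Key Vault bounds the trigger to 1 .. validity_months * 27 days.
    if not 1 <= days_before <= validity_months * 27:
        raise ValueError("days_before must be within 1..validity_months*27")
    bad = set(key_usage) - KEY_USAGES
    if bad:
        raise ValueError(f"not a key usage flag: {sorted(bad)}")
    # The request form takes SANs as one comma-separated string.
    dns_names = [s.strip() for s in sans.split(",") if s.strip()]
    return {"policy": {
        # Assumed defaults: exportable PKCS#12, fresh key on every renewal.
        "key_props": {"kty": "RSA", "key_size": key_size,
                      "exportable": True, "reuse_key": False},
        "secret_props": {"contentType": "application/x-pkcs12"},
        "x509_props": {
            "subject": f"CN={domain}",
            "sans": {"dns_names": dns_names},
            "key_usage": list(key_usage),
            "ekus": [EKU_OIDS[e] for e in ekus],
            "validity_months": validity_months,
        },
        "lifetime_actions": [{"trigger": {"days_before_expiry": days_before},
                              "action": {"action_type": action}}],
        "issuer": {"name": issuer},
    }}


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(json.dumps(build_policy("www.example.com", "www.example.com, api.example.com",
                                  2048, 12, "AutoRenew", 30), indent=2))
```

Passing a purpose such as `serverAuth` as a key usage flag is rejected, because in the policy document Server/Client Authentication are Extended Key Usage OIDs rather than key usage bits.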
3.3 Renewing, Deleting, Filtering all Versions of Certificates
3.3.1 Renewing Certificates
Password Manager Pro allows you to renew Azure certificates right from the Password Manager Pro interface.
- Select a certificate that you wish to renew and click the Renew option at the top.
- Enter the validity in months and click Renew. The certificate will be renewed with the specified validity period and will be updated in both Password Manager Pro and the Azure portal.
Notes:
Please note that you cannot renew the following certificates:
- Certificates that were issued by a third-party issuer and are currently being managed in the Azure Portal.
- Previous versions of existing certificates.
3.3.2 Deleting Certificates
To delete certificates:
- Select one or more certificates using the checkboxes.
- Click Delete from the top menu.
Note: The certificate is deleted only from the Password Manager Pro interface; this operation does not affect the certificate's status in the Azure portal.
3.3.3 Filtering Certificates
To filter versions of certificates, click the Show dropdown and choose from the options:
- Current Certificate - This option will display only the current versions of the certificates.
- Previous Versions - This option will display older versions of the available certificates.
- All - This option will display all versions of the available certificates.