LogoLogo
LogoLogo
  • Welcome
    • Navigation
  • RealmJoin Deployment
    • Onboarding
    • Required Permissions
    • Infrastructure Considerations
      • Multi User Devices
    • Migration to RealmJoin vNext
  • User, Group and Device Management
    • Overview
    • User Profile
    • Organization Details
    • User, Group and Device Lists
      • User Details
      • Group Details
      • Device Details
    • User and Group Settings
      • Available RealmJoin Policies
  • App Management
    • Packages
      • Package Store
        • Application Store Details
      • Package Management
      • Package Details
      • Package Assignments
        • Package Migration
      • Package Settings
      • Packaging Requests
        • Organic Packages
    • AVD Templates
  • Automation
    • Connecting Azure Automation
      • Required Permissions
      • Runbook Parameters
    • Runbooks
      • Runbook Customization
      • Runbook Permissions
      • Naming Conventions
      • Runbook Scheduling
      • Runbook Logs
        • Runbook Job Details
      • Runbooks Changelog
    • Requirements
    • Remediation Scripts
  • RealmJoin Agent
    • Features
      • Local Admin Password Solution (LAPS)
        • KeyVault
        • Application Insights
      • Notifications
      • AnyDesk Integration
        • RealmJoin Tasks
        • Customer Tasks
      • App Deployment using the Agent
        • RealmJoin ESP
    • Deploying the Agent
    • User Interface
  • Logs
    • Connecting Azure Log Analytics Workspace
    • Audit Log
  • RealmJoin Settings
    • Overview
    • General
    • Permissions
    • Group Namespaces
    • Workplace Cloud Storage
    • Self Service Forms
    • Custom Roles
      • Available Permissions
  • Developer Reference
    • RealmJoin API
      • Authentication
    • Interacting with Runbooks
    • Simulating a Runbook Environment
    • Local Admin Password Management
  • Other
    • FAQ
      • Security
    • Troubleshooting
      • Package Installation Issues
        • Collecting Logfiles
        • Logfiles Structure
        • Analysing chocolatey.log
        • Troubleshooting failed chocolatey packages
        • Troubleshooting failed craft packages
        • Fixes for common issues
        • Intunewin Debugging
      • LAPS Issues
        • LAPS account passwords cannot be retrieved
        • Requested LAPS Accounts are not being created
    • Changelog
  • Legal
    • Licensing
    • Support
  • RealmJoin Website
Powered by GitBook
On this page
  • Create KeyVault
  • KeyVault Storage of Secrets

Was this helpful?

Edit on GitHub
  1. RealmJoin Agent
  2. Features
  3. Local Admin Password Solution (LAPS)

KeyVault

Cloud applications and services use cryptographic keys and secrets to help keep information secure. Azure Key Vault safeguards these keys and secrets. When you use Key Vault, you can encrypt authentication keys, storage account keys, data encryption keys, .pfx files, and passwords by using keys that are protected by hardware security modules.

Create KeyVault

The following table shows you the steps for Azure KeyVault Creation:

Task
Image

2. Start with Create a resource

3. Type in Key Vault in the search field

4. On the detail page click Create

5. Fill out the required fields. Please make sure to use a distinct naming scheme for the keyvault URL. For example: rj-[tenant]-[service]

6. Click Review + Create

7. Review your settings and configurations and click Create

8. Wait for the successful deployment

9. Click Go to resource

10. Navigate to Access policies

11. Click Add Access Policies

12. Select Key, Secret & Certificate Management as template and add RealmJoin as Select principal

13. Click Key permissions

14. For Cryptographic Operations add Decrypt, Encrypt, Unwrap Key, Wrap Key, Verify and Sign

15. Click Save and then OK

KeyVault Storage of Secrets

RealmJoin will not store the secret in any proprietary storage but instead create an Azure KeyVault Secret to store it in a secure and auditable way. The KeyVault API is documented here:

https://docs.microsoft.com/en-us/rest/api/keyvault/secrets/set-secret/set-secret

The entry in KeyVault will be added with the Azure device ID as a key and the plain GUID as the secret value. See the following example:

Last updated 11 months ago

Was this helpful?

1. Open

16. Finally, go to Overview and share the DNS Name with the

Azure Portal
RealmJoin Support