I wrote my last blog about accessing Azure Key Vault from Microsoft Power Automate:
Access Azure Key Vault from PowerAutomate | Tech Wizard
This blog is all about accessing it from ServiceNow.
Accessing Azure Key Vault from ServiceNow can be a useful feature for managing sensitive information such as passwords, certificates, and API keys.
By using Azure Key Vault, you can centralize and manage secrets in a secure manner, while also leveraging ServiceNow's capabilities for enterprise-level workflows and processes.
First register the Azure AD app with the user_impersonation permission from the Azure Key Vault API.
To create an Azure AD application, follow these steps:
- Log in to the Azure portal.
- Navigate to Azure Active Directory.
- Click on App registrations and then click on New registration.
- Enter a name for the application, and choose the appropriate account type.
- Click on Register to create the application.
- Note down the Application ID and Tenant ID. These values will be required later in the process.
The below permissions are required:
We will use the Client Secret here.
Note: Give this app get secret rights on the Key Vault from which you want to read the secrets.
Now in ServiceNow Flow Designer you need to create two actions:
- To get the access token
- To get the secret from the vault
Create a new REST action and create an API Key type credential.
Under base URL, enter the below link as per your tenant ID; you can get that from the Azure AD registered app by clicking Endpoints:
In ServiceNow, enter the v2.0 token link.
Under Headers use:
Content-Type: application/x-www-form-urlencoded
Under Request Content:
grant_type=client_credentials
&client_id=ClientID
&client_secret=secret
&scope=https%3A%2F%2Fvault.azure.net%2F.default
Next, add the JSON Parser step, select the Response body from the above step and generate the target.
Under Outputs, create a variable named accesstoken and drag the access_token to it.
Save, test and publish the flow.
This action will generate the access token that you will use in your next action to get the secret from Key Vault.
Create a new action and define the input as accesstoken.
Add a REST step. Under connection details, add the base URL as your vault URL; for the connection alias use anything from the drop-down, as we will be using the access token here anyway.
Under Request Details:
The resource path is your actual secret's relative path. You need to end it with ?api-version=7.3, else it will not work.
Add a JSON Parser step.
Under Outputs, define an output variable and get the value, which is your secret.
Go ahead, first generate the access token and then test this action to get the secret. If everything has been followed correctly, it will work 😊
Thanks for reading…
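The two HTTP requests behind these actions, as an added JavaScript example (not from the original post and not ServiceNow code): it builds the token request and the secret request and parses constructed sample responses, without touching the network. The function names, the login.microsoftonline.com v2.0 endpoint form, the Authorization: Bearer header and the *.vault.azure.net host check are assumptions that are not shown on the page.

```javascript
// Added example: request builders and response parsers only, no network calls.

// Action 1: client-credentials token request against the v2.0 token endpoint.
function buildTokenRequest(tenantId, clientId, clientSecret) {
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
    scope: 'https://vault.azure.net/.default', // URLSearchParams percent-encodes it
  }).toString();
  return {
    method: 'POST',
    url: `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/token`,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body,
  };
}

// JSON Parser step of action 1: keep only access_token.
function parseAccessToken(responseBody) {
  const json = JSON.parse(responseBody);
  if (json.token_type !== 'Bearer' || !json.access_token) {
    throw new Error('token response has no bearer access_token');
  }
  return json.access_token;
}

// Action 2: GET the secret. Assumption: public-cloud vault host names. The token
// is attached only for an https *.vault.azure.net base URL, so a mistyped URL
// cannot send it to another host.
function buildSecretRequest(vaultUrl, secretName, accessToken) {
  const base = new URL(vaultUrl);
  if (base.protocol !== 'https:' || !base.hostname.endsWith('.vault.azure.net')) {
    throw new Error('refusing to send token to ' + base.hostname);
  }
  const url = new URL(`/secrets/${encodeURIComponent(secretName)}`, base);
  url.searchParams.set('api-version', '7.3'); // the request fails without it
  return { method: 'GET', url: url.toString(), headers: { Authorization: `Bearer ${accessToken}` } };
}

// JSON Parser step of action 2: the secret is the "value" field.
function parseSecretValue(responseBody) {
  const json = JSON.parse(responseBody);
  if (typeof json.value !== 'string') throw new Error('no secret value in response');
  return json.value;
}

// Constructed sample responses (not real tokens or secrets).
const sampleTokenResponse = '{"token_type":"Bearer","expires_in":3599,"access_token":"eyJ.constructed.token"}';
const sampleSecretResponse = '{"value":"constructed-secret","id":"https://example-vault.vault.azure.net/secrets/demo/0123"}';
```

Keep the output variables holding the token and the secret value out of flow logs, since both are credentials.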
Tech Wizard