Over this weekend we released a new version of Cloud Portam. In this release we included basic Key Vault management functionality and some other enhancements. This blog post talks about these enhancements.
Summary of Enhancements
- Basic Key Vault management functionality.
- Account Shared Access Signature for Table & Queue Storage Service.
Key Vault Management Functionality
I’m pleased to announce that using Cloud Portam you can manage Key Vaults in your Azure Subscriptions. In order to manage key vaults in Cloud Portam, first you would need to add the Azure Subscription account. Please see this blog post to get started with adding an Azure Subscription in Cloud Portam: http://cloudportam.wpengine.com/cloud-portam-updates-announcing-the-availability-of-azure-subscription-management-in-cloud-portam/.
Create Key Vault
Cloud Portam enables you to create a new key vault in your Azure Subscription. Creation of a key vault is controlled by role-based access control (RBAC), so you will only be able to create a key vault if you have permission to do so.
From the key vaults dashboard, there are three ways by which you can initiate creation of a new key vault as shown below.
You can create a new key vault in 3 easy steps:
Step 1: Specify Resource Group
First, you need to specify the resource group in which this key vault will go. You can either pick from the existing resource groups in your subscription or create a new resource group altogether.
A few things I would like to point out here:
- When you choose to create a key vault in an existing resource group, Cloud Portam checks if you have the permission to create resources (key vault in this case) in the selected resource group. If you don’t have the permission, Cloud Portam will tell you about this right here in this step so that you can choose another resource group.
- When you choose to create a key vault in a new resource group, Cloud Portam will try to create that resource group during this step. You will be able to proceed only if Cloud Portam creates the resource group successfully.
Step 2: Specify key vault Information
In this step you will provide information about the key vault. You will need to specify the vault name, select the service tier for the vault (Standard or Premium), choose the location of the vault, and indicate whether Virtual Machines are permitted to retrieve certificates stored as secrets from this vault. By default the location of the key vault is set to the location of the resource group, but you can change that.
Step 3: Review
In this step Cloud Portam will show you the information you have specified in the previous steps. You can go back to any step and make the changes or proceed with key vault creation.
List Key Vaults
Cloud Portam enables you to view all key vaults in your Azure Subscription.
View Key Vault Properties
Cloud Portam enables you to view properties of a key vault.
Manage Tags on Key Vault
Cloud Portam enables you to manage tags on a key vault. You can create new tag entries (key/value pair) and update or remove existing entries from a key vault.
Please note that managing tags is backed by RBAC, so you will only be able to add, update or remove tags if you have the appropriate permission to do so.
View Permissions on Key Vault
Using Cloud Portam, you can view the permissions you have on a key vault. The permissions include the ability to update/delete the vault, permissions on keys & secrets on the vault, and permissions for role assignments and locks.
Manage Locks on Key Vault
Azure Resource Manager API allows you to lock your key vaults to prevent them from being accidentally deleted or updated. Cloud Portam enables you to manage locks on key vaults. Using Cloud Portam, you can create locks on a key vault. You can also view locks on a key vault or even delete the locks on a key vault.
Again, managing locks on a key vault is protected by role-based access control, so you will be able to perform this operation only if you have permission to do so.
Delete Key Vaults
Cloud Portam enables you to delete one or more key vaults from your Azure Subscription.
Please note that deleting key vaults is again backed by role-based access control, so you will only be able to delete a key vault if you have the permission to do so.
Furthermore, if a key vault is locked, or the resource group that contains it is locked, you will not be able to delete that key vault.
Deleting a key vault is an irreversible process. To ensure that you really want to delete a key vault we have included a simple CAPTCHA on the delete confirmation box.
This is the first release for managing key vaults in your Azure Subscriptions and quite honestly we have just scratched the surface! There’s a lot to be done. In the next few versions we will be working on managing keys and secrets in a key vault. We will also be working on managing access policies on a key vault.
Account Shared Access Signature for Table & Queue Storage Service
A few versions back we released functionality for creating account-level Shared Access Signature (SAS) on Blob & File Service. In this release we have included functionality to create account-level SAS on Table and Queue Service.
There are a number of things in our immediate product pipeline. We will continue enhancing our Subscription management features by adding support for managing additional services, enhancing key vault management etc. So stay tuned for all these changes.
Try It Out!
We humbly request you to try out these updates in Cloud Portam. This is available in both “Personal” and “Team” editions of Cloud Portam. Though extreme care has been taken regarding testing the current functionality, it is quite possible that we may have overlooked something. If you find something missing or implemented incorrectly, please feel free to reach out to us and tell us. We will fix the issues ASAP.
As you can see, we’re constantly investing in making the product more and more useful. Do try out Cloud Portam and these features and let us know what you think. If you think we can improve it in any way, please feel free to share your thoughts. The link to our website is http://www.cloudportam.com.