Add clarification on authenticating to Azure (#2241)

* Add clarification on authenticating to Azure

Add a comment pointing further down for more information.

Signed-off-by: Aaron Crawfis <Aaron.Crawfis@microsoft.com>

* Update to non-deprecated fields

Signed-off-by: Aaron Crawfis <Aaron.Crawfis@microsoft.com>

* Remove extra value

Signed-off-by: Aaron Crawfis <Aaron.Crawfis@microsoft.com>

Co-authored-by: Mark Fussell <markfussell@gmail.com>
Aaron Crawfis 2022-03-14 15:14:48 -07:00 committed by GitHub
parent e2cc4d79d7
commit 17862794ba
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 19 deletions


@ -23,21 +23,19 @@ spec:
type: secretstores.azure.keyvault type: secretstores.azure.keyvault
version: v1 version: v1
metadata: metadata:
- name: vaultName - name: vaultName # Required
value: [your_keyvault_name] value: [your_keyvault_name]
- name: spnTenantId - name: azureEnvironment # Optional, defaults to AZUREPUBLICCLOUD
value: "AZUREPUBLICCLOUD"
# See authentication section below for all options
- name: azureTenantId
value: "[your_service_principal_tenant_id]" value: "[your_service_principal_tenant_id]"
- name: spnClientId - name: azureClientId
value: "[your_service_principal_app_id]" value: "[your_service_principal_app_id]"
value : "[pfx_certificate_contents]" - name: azureCertificateFile
- name: spnCertificateFile
value : "[pfx_certificate_file_fully_qualified_local_path]" value : "[pfx_certificate_file_fully_qualified_local_path]"
``` ```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage.
{{% /alert %}}
## Authenticating with Azure AD ## Authenticating with Azure AD
The Azure Key Vault secret store component supports authentication with Azure AD only. Before you enable this component, make sure you've read the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document and created an Azure AD application (also called Service Principal). Alternatively, make sure you have created a managed identity for your application platform. The Azure Key Vault secret store component supports authentication with Azure AD only. Before you enable this component, make sure you've read the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document and created an Azure AD application (also called Service Principal). Alternatively, make sure you have created a managed identity for your application platform.
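Review bot: the retained `value : "[pfx_certificate_file_fully_qualified_local_path]"` line under `azureCertificateFile` keeps a stray space before the colon while every other entry in the block uses `value:`; since the surrounding keys are being renamed anyway, normalise it to `value: "[pfx_certificate_file_fully_qualified_local_path]"` so readers who copy the example get a consistent style. Also consider moving the new `# See authentication section below for all options` comment from under `azureEnvironment` to directly above `- name: azureTenantId`, where the authentication fields actually begin.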
@ -48,10 +46,11 @@ The Azure Key Vault secret store component supports authentication with Azure AD
|--------------------|:--------:|---------|---------| |--------------------|:--------:|---------|---------|
| `vaultName` | Y | The name of the Azure Key Vault | `"mykeyvault"` | | `vaultName` | Y | The name of the Azure Key Vault | `"mykeyvault"` |
| `azureEnvironment` | N | Optional name for the Azure environment if using a different Azure cloud | `"AZUREPUBLICCLOUD"` (default value), `"AZURECHINACLOUD"`, `"AZUREUSGOVERNMENTCLOUD"`, `"AZUREGERMANCLOUD"` | | `azureEnvironment` | N | Optional name for the Azure environment if using a different Azure cloud | `"AZUREPUBLICCLOUD"` (default value), `"AZURECHINACLOUD"`, `"AZUREUSGOVERNMENTCLOUD"`, `"AZUREGERMANCLOUD"` |
| Auth metadata | | See [Authenticating to Azure]({{< ref authenticating-azure.md >}}) for more information
Additionally, you must provide the authentication fields as explained in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document. Additionally, you must provide the authentication fields as explained in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document.
## Create the Azure Key Vault and authorize the Service Principal ## Example: Create an Azure Key Vault and authorize a Service Principal
### Prerequisites ### Prerequisites
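Review bot: the new `| Auth metadata | | See [Authenticating to Azure]({{< ref authenticating-azure.md >}}) for more information` row is short one cell and has no closing pipe; the header separator `|--------------------|:--------:|---------|---------|` defines four columns, so this row will render misaligned. Suggest `| Auth metadata | Y | See [Authenticating to Azure]({{< ref authenticating-azure.md >}}) for more information | |`, filling the Required column to match the sentence below that says these fields must be provided.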
@ -111,7 +110,7 @@ Make sure you have followed the steps in the [Authenticating to Azure]({{< ref a
--scope "${RG_ID}/providers/Microsoft.KeyVault/vaults/${KEYVAULT_NAME}" --scope "${RG_ID}/providers/Microsoft.KeyVault/vaults/${KEYVAULT_NAME}"
``` ```
## Configure the component ### Configure the component
{{< tabs "Self-Hosted" "Kubernetes">}} {{< tabs "Self-Hosted" "Kubernetes">}}
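Review bot: demoting `## Configure the component` to `### Configure the component` matches the `## Example: ...` rename earlier in the patch; confirm any other level-2 headings in that section were demoted as well, as only this one is visible in the hunk. While here, the unchanged `{{< tabs "Self-Hosted" "Kubernetes">}}` shortcode is missing a space before `>}}`.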