How to set up an Azure Key Vault for Hudu's API

For security purposes, it's recommended to utilize a secure method to store your sensitive information such as API keys -- as opposed to storing this information inside of the API script itself. This guide will walk you through how to set up and utilize Azure Key Vault to do so.

Azure Key Vault is a cloud service that provides secure storage for keys, secrets, and certificates. For more information on Key Vault, see About Azure Key Vault.

What you'll need


Setting up a Key Vault

Create a vault

This guide will walk you through the basic setup of an Azure Key Vault. If your organization has specific requirements, you may need to further customize the settings.

  • Inside of the Azure portal, find or search for "Key Vaults"

  • Click "+ Create"

Basic configuration

  • Enter your Project Details

    • Select your Subscription

    • Select existing or create new Resource group (a container within Azure to hold related resources)

  • Enter your Instance Details

    • Key Vault name

    • Region

    • Pricing tier (standard is typically fine for most cases)

Access configuration

  • Ensure Role-based access control is selected (recommended)

Networking

  • If you'll be utilizing PowerShell, you need to enable Public access

  • Select All networks

    • Optionally, select which networks will have access

Review + Create

  • Review that all settings appear correct

  • Click the Review + Create button in the bottom left

Setup access permissions

  • On the left-hand menu, select Access Control (IAM)

  • You'll need to grant role assignments to the users who will add and utilize stored keys.

    • For the purposes of this guide, we'll assume you've selected Key Vault Administrator

    • You can configure permissions for what makes the most sense for your organization. At a minimum, the user accessing the vault will need enough privilege to not only read a vaulted secret, but also decrypt it.

  • From the Members tab, assign the users that will be utilizing the keys stored inside this vault.

  • Click Review + Assign to finish assignments

Adding Hudu API keys

  • On the left-hand menu, select Secrets

  • Click Generate/Import

  • Fill in the following fields:

    • Name

    • Secret value: This would be your Hudu API key

  • Click Create down at the bottom
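
The guide assumes Key Vault Administrator and All networks for simplicity. The following is an added example (not part of the original guide or of Hudu's scripts) showing a tighter variant of the same steps in Az PowerShell: the script account gets the built-in read-only role "Key Vault Secrets User" scoped to the single secret, and the vault firewall is limited to one IP. The resource group, vault, secret, account and IP values are placeholders chosen for illustration.

```powershell
# Added example; every value in this first block is a placeholder (assumption).
$ResourceGroup = "rg-hudu-automation"      # resource group holding the vault
$VaultName     = "kv-hudu-example"         # Key Vault name
$SecretName    = "HuduApiKey"              # secret that will hold the Hudu API key
$ScriptUser    = "automation@example.com"  # account that runs the Hudu scripts
$AllowedIp     = "203.0.113.10/32"         # public IP of the script host (documentation range)

Import-Module Az.Accounts, Az.KeyVault, Az.Resources
if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }

$vault = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup
if (-not $vault) { throw "Key Vault '$VaultName' not found in '$ResourceGroup'." }
# Role assignments are only honoured when the vault uses the RBAC permission model.
if (-not $vault.EnableRbacAuthorization) {
    throw "Vault '$VaultName' uses access policies; select Role-based access control first."
}

# Store the key from a masked prompt so it never appears in the script or shell history.
# The operator running this step needs write access to secrets (for example the
# Key Vault Administrator role the guide assumes).
$apiKey = Read-Host -Prompt "Paste the Hudu API key" -AsSecureString
Set-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -SecretValue $apiKey | Out-Null

# Read-only data-plane role, scoped to this one secret instead of the whole vault.
$role  = "Key Vault Secrets User"
$scope = "$($vault.ResourceId)/secrets/$SecretName"
$existing = Get-AzRoleAssignment -SignInName $ScriptUser -Scope $scope -RoleDefinitionName $role |
    Where-Object { $_.Scope -eq $scope }   # ignore assignments inherited from parent scopes
if (-not $existing) {
    New-AzRoleAssignment -SignInName $ScriptUser -RoleDefinitionName $role -Scope $scope | Out-Null
}

# Done last so the calls above are not blocked: default-deny firewall, one allowed IP.
Update-AzKeyVaultNetworkRuleSet -VaultName $VaultName -ResourceGroupName $ResourceGroup `
    -DefaultAction Deny -Bypass AzureServices -IpAddressRange $AllowedIp

# Report the resulting configuration for review.
$acl = (Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup).NetworkAcls
[pscustomobject]@{
    Vault         = $VaultName
    RoleScope     = $scope
    Role          = $role
    DefaultAction = $acl.DefaultAction
    AllowedRanges = $acl.IpAddressRanges -join ", "
}
```

New role assignments can take a few minutes to propagate before the script account is able to read the secret.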

Using secret keys

Most scripts found in the Hudu Community >> Script Library should already contain the below code to call upon Azure Key Vault. The Script Library, however, is community-driven and specific users may not utilize the same key storage methods. If you'd like to utilize Azure Key Vault for API key storage, replace their method with the below code.

Before starting, you'll need to set three (3) variables:

  1. Set your Azure Key Vault name (what you called your Key Vault)

  2. Set the name of your secret (which holds Hudu API key)

  3. Set the URL of your Hudu instance

$AzVault_Name = "ENTER YOUR KEY VAULT NAME HERE"
$AzVault_HuduSecretName = "ENTER YOUR KEY VAULT SECRET NAME HERE"
$HuduBaseURL = "https://your.hudu.domain"

# -------------------------------------------------------------------------
# Init Modules and Sign-In
# -------------------------------------------------------------------------
# Import each required module, installing it first if it is not present
foreach ($module in @('Az', 'HuduAPI')) {
    if (Get-Module -ListAvailable -Name $module) {
        Write-Host "Importing module, $module..."
        Import-Module $module
    } else {
        Write-Host "Installing and importing module $module..."
        Install-Module $module -Force -AllowClobber
        Import-Module $module
    }
}
# Sign in to Azure only when there is no existing session
if (-not (Get-AzContext)) { Connect-AzAccount }
# Read the Hudu API key from the vault and pass it to the HuduAPI module
New-HuduAPIKey "$(Get-AzKeyVaultSecret -VaultName "$AzVault_Name" -Name "$AzVault_HuduSecretName" -AsPlainText)"
New-HuduBaseUrl $HuduBaseURL
