ServiceNow and Azure KeyVault

karsrao
Kilo Guru

We are trying to use Azure KeyVault as a possible solution to store secrets. However, I couldn't find or understand the best approach to authenticate an Azure KeyVault. Basically, is it as simple as using a service principal, or does it require a setup similar to CyberArk (where we have jar files on the MID Server), i.e. maybe custom jar files?

Appreciate any input if anyone has managed to successfully use Azure KeyVault and integrate it with ServiceNow.

1 ACCEPTED SOLUTION

karsrao
Kilo Guru

We got it working using the client credential flow. We had trouble finding the scope name; FYI, use "https://vault.azure.net/.default", ensure the registered app has the right privileges in Azure KeyVault to get the secret, and ensure the vault uses the RBAC policy.

hth
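The client credential flow described in the accepted solution, as an added example that is not part of the original post: it builds the token request with the scope quoted above and refuses to call the vault with a token issued for a different resource. The tenant, app, vault and secret names, the `api-version` value, the audience check and the sample token are assumptions constructed for illustration.

```javascript
// Added example (not from the thread): request shapes for the client credentials flow.
const KEY_VAULT_SCOPE = "https://vault.azure.net/.default"; // scope named in the post
const API_VERSION = "7.4"; // assumption: use an api-version your vault supports

// OAuth 2.0 client credentials token request for the Microsoft identity platform.
function buildTokenRequest({ tenantId, clientId, clientSecret }) {
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret, // load from a protected credential record, never from source
    scope: KEY_VAULT_SCOPE,
  });
  return {
    method: "POST",
    url: `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/token`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Read the aud claim from a JWT payload. No signature check: Key Vault validates the token.
function tokenAudience(accessToken) {
  const parts = String(accessToken).split(".");
  if (parts.length !== 3) throw new Error("access token is not a JWT");
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8")).aud;
}

// Build the Get Secret call, rejecting malformed names and tokens minted for
// another resource (the symptom of requesting the wrong scope).
function buildGetSecretRequest({ vaultName, secretName, accessToken }) {
  if (!/^[A-Za-z0-9-]{3,24}$/.test(vaultName)) throw new Error("invalid vault name");
  if (!/^[A-Za-z0-9-]{1,127}$/.test(secretName)) throw new Error("invalid secret name");
  const expected = KEY_VAULT_SCOPE.replace(/\/\.default$/, ""); // assumption: aud is the resource URI
  const aud = tokenAudience(accessToken);
  if (aud !== expected) throw new Error(`token audience ${aud} is not ${expected}`);
  return {
    method: "GET",
    url: `https://${vaultName}.vault.azure.net/secrets/${secretName}?api-version=${API_VERSION}`,
    headers: { Authorization: `Bearer ${accessToken}` },
  };
}

// Constructed, unsigned sample token so the example runs offline.
function sampleToken(aud) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc({ aud })}.constructed`;
}
```

A 403 from the vault with a token that passes the audience check points at the RBAC role assignment rather than the scope.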


7 REPLIES

kbsimm
ServiceNow Employee

Your solution says you got "it" working via a client credential flow. However, your original question was "understand the best approach to authenticate an Azure KeyVault". How did you solve that authentication approach? Where did you store the credential you used to authenticate to the Azure KeyVault?

kshim21
Tera Contributor

At that time, we had to store the credential that we used to authenticate to the vault in ServiceNow. Also, it was a POC; ideally, now we use certificate-based OAuth.

Clarkie1
Giga Expert

I know this is a little late, but curious what use case this was for - was the secret storage for APIs only, discovery or user authentication?

Thanks