Skip to content

How to Use Azure Key Vault in Dynamics 365 F&O

Hi. In this article, I will show you to usage of Azure Key Vault in Dynamics 365 Finance and Operations. Basically Azure Key Vault is a safe way to store your secrets in the cloud. If you want to learn more, check here.

Let’s start.

1. Create & Setup a new Key Vault

First, we need to create a new Key Vault on Azure Portal. Open Key vaults page on Azure Portal and click Create.

Fill in the necessary fields like picture in the below and create a new vault.


Copy and save the public Vault URL. We will use it inside of D365 F&O later.


Let’s create a new Secret inside our vault.


2. Setup Permissions

Let’s setup the necessary permissions to access our Azure Key Vault from D365 F&O.

Create a new App registration.


Copy and save Application (Client) ID. We will use it later. This is like a username to access our vault.



Create a new client secret for App registration. This is like a password to access our vault.


Copy and save the value of client secret. We will use it later.



Now, we need to create an Access Policy. Through this policy, our App registration can access our vault.



Select our newly created App registration.



Set the necessary permissions. In our example, we will only use Secrets section. Get and List permissions are enough at this point.


Don’t forget to click Save button.


3. Setup Dynamics 365 Finance & Operations

Open Key Vault parameters form under System administration > Setup.

Fill in the necessary fields we saved earlier.

Key vault client: App registration – application (client) ID.

Key vault secret key: App registration – value of client secret.

Now we can define our secrets. Note that, Secret field must be written in this format:

vault://[keyvaultname]/secretname/[secretversion]

If you didn’t specify a secret version, it will use the latest one.


4. Usage via X++

We set it everything. Now, we can access our secret inside of X++. Copy the job code in the below and run.

public class GSKeyVaultJob
{
    public static void main(Args _args)
    {
        KeyVaultCertificateTable    certTable = KeyVaultCertificateTable::findByName("TestSecret");
        str value = KeyVaultCertificateHelper::getManualSecretValue(certTable.RecId);

        info(value);
    }
}

Here is our secret value.


Helper classes

D365 F&O is using these classes to access Key Vault. Check it out if you want to see under the hood.

There are also some methods in these classes that will allow you to access your secrets directly without the setup in section 3.

  • KeyVaultCertificateHelper
  • ExternalKeyVaultAccessor

Conclusion

We covered the basic usage of Azure Key Vault inside of D365 F&O in this article. Thanks for reading.

Leave a Reply

Your email address will not be published.