This is a sample connector. The connector is provided here with the intent to illustrate certain features and functionality around connectors.
Azure Key Vault provides a powerful and very extensive REST API. Using this API, you can manage your keys, certificates, and secrets in an Azure Key Vault account. Very often, you may want to leverage those secrets in your application, or in your process automation.
You will need the following to proceed:
- A Microsoft Power Apps or Power Automate plan with custom connector feature
- An Azure subscription
- The Power platform CLI tools
Since Key Vault APIs are secured by Azure Active Directory (AD), we first need to set up a few thing in Azure AD so that our connectors can securely access the Key Vault. After that is completed, you can create and test the sample connector.
We first need to register our connector as an application in Azure AD. This will allow the connector to identify itself to Azure AD so that it can ask for permissions to access Key Vault data on behalf of the end user. You can read more about this here and follow the steps below:
-
Create an Azure AD application This Azure AD application will be used to identify the connector to Azure Key Vault. This can be done using [Azure Portal] (https://portal.azure.com), by following the steps here. Once created, note down the value of Application (Client) ID. You will need this later.
-
Configure (Update) your Azure AD application to access the Azure Key Vault API This step will ensure that your application can successfully retrieve an access token to invoke Azure Key Vault on behalf of your users. To do this, follow the steps here.
- For redirect URI, use “https://global.consent.azure-apim.net/redirect”
- For the credentials, use a client secret (and not certificates). Remember to note the secret down, you will need this later and it is shown only once.
- For API permissions, make sure “Azure Key Vault” and “user_impersonation” are added.
At this point, we now have a valid Azure AD application that can be used to get permissions from end users and access Azure Key Vault. The next step for us is to create a custom connector.
Run the following commands and follow the prompts:
paconn create --api-def apiDefinition.swagger.json --api-prop apiProperties.json --secret <client_secret>
The connector supports the following operations:
List keys: List keys in the specified vaultGet key: Gets the public part of a stored keyCreate key: Creates a new keyDecrypt data: Decrypts a single block of encrypted dataEncrypt data: Encrypts an arbitrary sequence of bytes using an encryption keyList secrets: List secrets in a specified key vaultGet secret: Get a specified secret from a given key vaultCreate or update secret value: Sets a secret in a specified key vaultList secret versions: List all versions of the specified secretGet secret version: Get the value of a specified secret version from a given key vault