Azure Key Vault Management - Create or update a key vault

Important: This connector and its actions have been removed from Nintex Workflow and can now be found in Nintex Gallery.

Use the Azure Key Vault Management - Create or update a key vault action to create a new key vault or update the properties of an existing one. (An action is a tool for building the processes, logic, and direction within workflows. Actions are the steps the workflow performs to complete a process.)

For more information about the Azure Key Vault Management connector, go to Azure Key Vault Management.

Configure the Azure Key Vault Management - Create or update a key vault action

  1. Add the action to the workflow and open the action configuration panel. For more information, see Add an action to the workflow.

  2. Select a Connection. If you do not have a connection, see Add a connection.
  3. Select a Subscription (the credentials which uniquely identify the Microsoft Azure subscription).
  4. Select the Resource group name to which the server belongs.
  5. Specify a Vault name.
  6. Select the supported Azure Location where the key vault should be created.
  7. Specify a Tenant ID. This must be the same Tenant ID used to create the Azure Key Vault Management connection.
  8. Add Access policies.
  9. Specify a SKU family.
  10. Select a SKU name.

Azure Key Vault Management - Create or update a key vault action fields and settings

Section / Field / Description / Variable types

Section: (Unlabeled)

Field: Connection
Description: The Azure Key Vault Management connection to use to create or update the key vault. A connection is the credentials and other settings that enable workflows to communicate with external systems, services, or applications. It's required to pass data between the workflow and the indicated service, which could be a cloud service, business application, or content store. To refresh the available connections, click .
Variable types: (n/a)

Field: Subscription
Description: Subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.
Variable types: Text, Decimal, Integer, Boolean, DateTime, Collection

Field: Resource group name
Description: The name of the Resource Group to which the server belongs. Use the values from the drop-down list.
Variable types: Text, Decimal, Integer, Boolean, DateTime, Collection

Field: Vault name
Description: The name of the vault.
Variable types: Text, Decimal, Integer, Boolean, DateTime, Collection

Field: Location
Description: The supported Azure location where the key vault should be created. Once the key vault is created, Location is set and cannot be updated.
Variable types: Text, Decimal, Integer, Boolean, DateTime, Collection

Field: Tenant ID
Description: The Azure Active Directory tenant ID used for authenticating requests to the key vault.
Important: This must be the same Tenant ID used to create the Azure Key Vault Management connection.
Variable types: Text, Decimal, Integer, Boolean, DateTime, Collection

Field: Access policies
Description: Click the Access policy button to add an access policy to the key vault. Specify the Tenant ID and Object ID, and then click the Add permission buttons to add permissions to Keys, Secrets, and Certificates.

  • Tenant ID: The Azure Active Directory tenant ID used for authenticating requests to the key vault.
    Important: This must be the same Tenant ID used to create the Azure Key Vault Management connection.
  • Object ID: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault.
  • Keys: Permissions to keys.
    • Permission
      • Encrypt
      • Decrypt
      • Wrap key
      • Unwrap key
      • Sign
      • Verify
      • Get
      • List
      • Create
  • Secrets: Permissions to secrets.
    • Permission
      • Get
      • List
      • Set
      • Delete
      • Backup
      • Restore
      • Recover
      • Purge
  • Certificates: Permissions to certificates.
    • Permission
      • Get
      • List
      • Delete
      • Create
      • Import
      • Update
      • Manage contacts
      • Get issuers
      • List issuers

Variable types: Text, Decimal, Integer, Boolean, DateTime, Collection

Field: SKU family
Description: SKU family name. Currently the only API example of a SKU name is "A".
Variable types: Text, Decimal, Integer, Boolean, DateTime, Collection

Field: SKU name
Description: SKU name to specify whether the key vault is a standard vault or a premium vault.
Variable types: Text, Decimal, Integer, Boolean, DateTime, Collection

Field: Enabled for deployment
Description: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
Variable types: Boolean

Field: Enabled for disk encryption
Description: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
Variable types: Boolean

Field: Enabled for template deployment
Description: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
Variable types: Boolean

Section: Output

Field: Key vault
Description: Stores the result of the action as an object. See Vaults - Create or Update API for information on these values.

The following values are returned:

  • Status: (Text)
  • ID: (Text)
  • Name: (Text) Use this value in an Azure Key Vault Management - Delete a key vault action.
  • Type: (Text)
  • Location: (Text)
  • Tags: (Object)
  • Properties: (Object)
    • SKU: (Object)
      • SKU family: (Text)
      • SKU name: (Text)
    • Tenant ID: (Text)
    • Access policies: (Collection)
      • Tenant ID: (Text)
      • Object ID: (Text)
      • Permissions: (Object)
        • Key permissions: (Collection)
        • Secret permissions: (Collection)
        • Certificate permissions: (Collection)
    • Enabled for deployment: (Boolean)
    • Enabled for disk encryption: (Boolean)
    • Enabled for template deployment: (Boolean)
    • HSM pool resource ID: (Text)
    • Vault URI: (Text)
    • Provisioning state: (Text)

Variable types: Object
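
The Tenant ID, Access policies and three "Enabled for" fields above decide who can read or remove vault contents. The following added example (not Nintex or Microsoft code) reviews a vault properties object for mismatched tenant IDs, policies holding every offered permission, delete or purge grants, and enabled service-access flags. It assumes the object uses the property names of the Azure Vaults - Create or Update REST API; review_vault, OFFERED and the sample GUIDs are constructed for illustration.

```python
# Added example, not Nintex or Microsoft code. Assumption: property names follow the
# Azure "Vaults - Create or Update" REST API (tenantId, accessPolicies, enabledFor...).
OFFERED = {  # permissions this action offers, spelled as the REST API spells them
    "keys": ["encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify", "get", "list", "create"],
    "secrets": ["get", "list", "set", "delete", "backup", "restore", "recover", "purge"],
    "certificates": ["get", "list", "delete", "create", "import", "update",
                     "managecontacts", "getissuers", "listissuers"],
}
DESTRUCTIVE = {"delete", "purge"}  # permissions that remove vault contents
SERVICE_FLAGS = {  # effect of each Boolean, as the field descriptions state it
    "enabledForDeployment": "Azure Virtual Machines may retrieve certificates stored as secrets",
    "enabledForDiskEncryption": "Azure Disk Encryption may retrieve secrets and unwrap keys",
    "enabledForTemplateDeployment": "Azure Resource Manager may retrieve secrets",
}

def review_vault(props):
    """Return (code, subject, detail) findings for one vault properties object."""
    findings = []
    vault_tenant = str(props.get("tenantId", "")).lower()
    for index, policy in enumerate(props.get("accessPolicies", [])):
        who = policy.get("objectId") or f"accessPolicies[{index}]"
        # Vault and policy tenant must both equal the connection's tenant.
        if str(policy.get("tenantId", "")).lower() != vault_tenant:
            findings.append(("tenant-mismatch", who, policy.get("tenantId")))
        for kind, offered in OFFERED.items():
            granted = {p.lower() for p in policy.get("permissions", {}).get(kind, [])}
            if granted >= {p.lower() for p in offered}:
                findings.append(("every-permission", who, kind))
            for perm in sorted(granted & DESTRUCTIVE):
                findings.append(("destructive", who, f"{kind}:{perm}"))
    for flag, meaning in SERVICE_FLAGS.items():
        if props.get(flag) is True:
            findings.append(("service-access", flag, meaning))
    return findings

# Constructed sample input; the GUIDs are placeholders, not real identifiers.
TENANT = "11111111-1111-1111-1111-111111111111"
SAMPLE = {
    "tenantId": TENANT, "enabledForDeployment": False, "enabledForTemplateDeployment": True,
    "accessPolicies": [
        {"tenantId": TENANT, "objectId": "aaaaaaaa-0000-0000-0000-000000000001",
         "permissions": {"secrets": ["get", "list"]}},
        {"tenantId": "22222222-2222-2222-2222-222222222222",
         "objectId": "aaaaaaaa-0000-0000-0000-000000000002",
         "permissions": {"secrets": OFFERED["secrets"], "certificates": ["Delete"]}},
    ],
}
if __name__ == "__main__":
    print(*(" | ".join(map(str, f)) for f in review_vault(SAMPLE)), sep="\n")
```

An empty result means none of the four conditions was found; it does not show that the listed object IDs are the right principals.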