Using the Azure Key Vault Connection Manager

The Azure Key Vault Connection Manager is an SSIS connection manager component that can be used to establish connections with Azure Key Vault (Gen1 / Gen2).

To add an Azure Key Vault connection to your SSIS package, right-click the Connection Manager area in your Visual Studio project, and choose "New Connection..." from the context menu. The "Add SSIS Connection Manager" window appears. Select the "Azure Key Vault" item to add the new Azure Key Vault Connection Manager.

The Azure Key Vault Connection Manager contains the following two pages which configure how you want to connect to Azure Key Vault.

  • General
  • Advanced Settings

General Page

The General page on the Azure Key Vault Connection Manager allows you to specify general settings for the connection.

Key Vault Base URL

Specify the Azure Key Vault Base URL.

Authentication

Authentication Mode

This option allows you to select the type of authentication you want to use in order to connect to your Azure Key Vault instance. Available options are:

  • Authorization Code
  • Client Credentials
  • Certificate

OAuth Authorization Code

Get Token

This button completes the entire OAuth authentication process inside of the toolkit. All you need to do is log in to the service endpoint and authorize our app to generate your token.

Tenant Id

The Tenant ID option allows you to specify the unique ID that identifies the tenant you are connecting to.

Client ID

The Client ID option allows you to specify the unique ID that identifies the application making the request.

Client Secret

The Client Secret option allows you to specify the client secret belonging to your app.

Redirect Url

The Redirect Url option allows you to specify the Redirect Url to complete the authentication process.

Generate Token (In App)...

The Generate Token File (In-App)... button completes the entire OAuth authentication process inside the toolkit. All you need to do is log in to the service endpoint and authorize our app to generate your token.

Generate Token (In Browser)...

The Generate Token File (In Browser)... button completes the OAuth authentication using your default browser. After you click this button, follow the steps in the dialog to generate your token.

Path to Token File

The path to the token file on the file system.

Token File Password

The password to the token file.

OAuth Client Credentials (service-to-service authentication):

Tenant ID

The Tenant ID option allows you to specify the unique ID that identifies the tenant you are connecting to.

Client ID

The Client ID option allows you to specify the unique ID that identifies the application making the request.

Client Secret

The Client Secret option allows you to specify the client secret belonging to your app.

Certificate Location

Choose the certificate location from File System or Store.

Certificate Thumbprint (When Certificate store is selected)

Choose the certificate thumbprint.

Path to Certificate (When Certificate File System is selected)

Certificate location from File System can be specified here.

Certificate Password (When Certificate File System is selected)

The password for the certificate selected.

Token Details

Details such as User, Name, Account Type, App Name, Scopes, etc. are displayed here, based on the token you have generated.

Test Connection

After all the connection information has been provided, you may click the Test Connection button to test if the connection settings entered are valid.

Proxy Page

The Proxy page on the Azure Key Vault Connection Manager allows you to specify some advanced and optional settings for the connection.

Proxy Server Settings
Proxy Mode

The Proxy Mode option allows you to specify how you want to configure the proxy server setting. There are three options available.

  • No Proxy
  • Auto-detect (Using system-configured proxy)
  • Manual

Proxy Server

The Proxy Server option allows you to specify the name of the proxy server for the connection.

Port

The Port option allows you to specify the port number of the proxy server for the connection.

Username (Proxy Server Authentication)

The Username option (under Proxy Server Authentication) allows you to specify the proxy user account.

Password (Proxy Server Authentication)

The Password option (under Proxy Server Authentication) allows you to specify the proxy user's password.

Note: The Proxy Password is not included in the connection manager's ConnectionString property by default. This is by design for security reasons. However, you can include it in your ConnectionString if you want to parameterize your connection manager. The format is ProxyPassword=myProxyPassword; (make sure the last character is a semicolon). The segment can appear anywhere in the ConnectionString.
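Once ProxyPassword is part of a ConnectionString, the secret travels with every copy of that string, so it should be injected at run time, masked before logging, and never left as a literal in stored configuration. The following is an added example, not part of the toolkit or its documentation: the function names are hypothetical, KeyA and KeyB are placeholder property names, and it assumes the password value runs up to the next semicolon with no quoting or escaping.

```python
import re

# Matches the "ProxyPassword=<value>;" segment described in the note above.
# Assumption: the value ends at the next semicolon (no quoting or escaping).
_PROXY_PW = re.compile(
    r"(?<![A-Za-z0-9_])ProxyPassword[ \t]*=[ \t]*([^;\r\n]*);?", re.IGNORECASE
)

# Constructed sample data; KeyA and KeyB are placeholders, not real properties.
SAMPLE = "KeyA=1;ProxyPassword=hunter2;KeyB=2;"
SAMPLE_CONFIG = """\
# constructed sample; KeyA and KeyB are placeholder property names
KeyA=1;KeyB=2;
KeyA=1;ProxyPassword=hunter2;KeyB=2;
KeyA=1;ProxyPassword=;KeyB=2;
"""


def set_proxy_password(conn_str: str, password: str) -> str:
    """Return conn_str with exactly one ProxyPassword segment, ending in ';'."""
    if ";" in password:
        raise ValueError("password contains ';' and would split the segment")
    base = _PROXY_PW.sub("", conn_str).strip()  # drop any existing segment
    if base and not base.endswith(";"):
        base += ";"
    return f"{base}ProxyPassword={password};"


def redact(conn_str: str) -> str:
    """Mask the ProxyPassword value so the string can be written to a log."""
    return _PROXY_PW.sub("ProxyPassword=***;", conn_str)


def find_plaintext(text: str) -> list[tuple[int, str]]:
    """Return (line number, redacted line) for lines with a non-empty value."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        match = _PROXY_PW.search(line)
        if match and match.group(1).strip():
            hits.append((number, redact(line.strip())))
    return hits


if __name__ == "__main__":
    print(redact(SAMPLE))
    for number, line in find_plaintext(SAMPLE_CONFIG):
        print(f"line {number}: literal ProxyPassword in stored config: {line}")
```

Run find_plaintext over exported package or configuration text before it is committed or shared; the password passed to set_proxy_password should come from a protected source such as a sensitive parameter rather than from the file being scanned.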

Advanced Settings Page

The Advanced Settings page on the Azure Key Vault Connection Manager allows you to specify some advanced and optional settings for the connection.

Timeout (secs)

The Connection Timeout option allows you to specify the request timeout, in seconds. The default value is 120 seconds.

API Throttling Rate

The throttling rate specifies how many requests per second, minute, or hour are sent using the connection manager/task.

Retry on Intermittent Errors

Use this option to indicate whether the Azure Blob Storage retry policy will be used. The Azure Storage SDK built-in retry policy supports linear (constant delay) retry intervals and exponential retry intervals with randomization. Uncheck this option to effectively disable retries.