You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: powerapps-docs/maker/common/wrap/create-key-vault-for-code-signing.md
+30-5Lines changed: 30 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -16,9 +16,7 @@ contributors:
16
16
# Create Azure key valut for wrap for Power Apps
17
17
You need to have [Azure Key Vault](/azure/key-vault/general/basic-concepts) set up to automatically sign your Android or iOS mobile app package in **Step 2** of wrap wizard. Azure key vault is a cloud service that provides a secure store for secrets. You can securely store keys, passwords, certificates, and other secrets. More information: [Intoduction to Azure key vault](https://learn.microsoft.com/en-us/azure/key-vault/general/overview).
18
18
19
-
You can use an exsiting Azure key vault or create a new one one using the isnructions below.
20
-
21
-
//on Azure portal at [https://portal.azure.com](https://portal.azure.com).
19
+
You can use an exsiting Azure key vault or create a new one one on Azure portal at [https://portal.azure.com](https://portal.azure.com) using the isnructions below.
22
20
23
21
**Prerequisites**
24
22
@@ -29,7 +27,7 @@ You can use an exsiting Azure key vault or create a new one one using the isnruc
29
27
30
28
Follow these steps to create **Azure key vault** for wrap for Power Apps and configure **KeyVault URI**:
31
29
32
-
1. Sign in to your tenent as an admin and create a new Azure service principal for 1P AAD application: **4e1f8dc5-5a42-45ce-a096-700fa485ba20 (WrapKeyVaultAccessApp)** by running the following script: <br>
30
+
1. Sign in to your tenant as an admin and create a new Azure service principal for 1P AAD application: **4e1f8dc5-5a42-45ce-a096-700fa485ba20 (WrapKeyVaultAccessApp)** by running the following script: <br>
33
31
`Connect-AzureAD -TenantId <your tenant ID>` in Power Shell <br>
- In your Default subscription's **Access Control (IAM)** on Azure portal at [https://portal.azure.com](https://portal.azure.com), add a **Reader** role assignment to the **Service Principal** representing your app, e.g. **Wrap KeyVault Access App**. Make sure it is present in both **Subscription's IAM**, and the **Keyvault's IAM**.
102
+
103
+
Go to **Access control (IAM)** tab and select **Add role assignment** option under **Add** menu button.
104
+
105
+
> [!div class="mx-imgBorder"]
106
+
> ![Add role assignment on Access control tab.](media/how-to-v2/Access_control_tab.png"Add role assignment on Access control tab.")
107
+
108
+
Select **Job fucntion roles** tab and make sure **Reader** role is selcetdd. Then click on **Members** tab in the top menu.
109
+
110
+
> [!div class="mx-imgBorder"]
111
+
> ![Click on Members tab.](media/how-to-v2/Add_members.png"Click on Members tab.")
112
+
113
+
Search for **Wrap KeyVault Access App** on **Members** tab.
114
+
115
+
> [!div class="mx-imgBorder"]
116
+
> ![Search for Wrap KeyVault Access App.](media/how-to-v2/Add_role_assignment.png"Search for Wrap KeyVault Access App.")
117
+
118
+
Select **Wrap KeyVault Access App** and click on **Review + assign** button on the bottom of the tab to assign **Reader** role to it.
119
+
120
+
> [!div class="mx-imgBorder"]
121
+
> ![Assign Reader role to Wrap KeyVault Access App.](media/how-to-v2/Add_role_for_wrap_signing.png"Assign Reader role to Wrap KeyVault Access App.")
122
+
123
+
103
124
## 1000119
104
125
105
126
| Error code | Description |
106
127
| ------------- |:-------------:|
107
128
|1000119 | Keyvault does not exist, OR Keyvault is missing access privileges|
108
129
130
+
- Verify that your Azure key vault is in the Default Subscription for your tenant.
131
+
132
+
- Make sure to to select **Vault access policy** option when creating your key vault.
0 commit comments