We deployed an AXON server in Azure and want to protect the server (http & grpc). In our “standard” deployment (Terraform) we create certificates via ACME/Buypass and save the certificates into an Azure KeyVault.
I am looking for an approach to integrate/use these Azure KeyVault certificates to use/inject them into the AXON server. Is that possible at all? A step by step documentation how to achieve that would be wonderful.
Honestly, I am not familiar with Azure KeyVault at all.
What I can point you to is our Reference Guide.
More specifically, the Access Control section of Axon Server.
As stated, I don’t know the specifics of Azure KeyVault.
However, I’d assume they’d provide integration with LDAP and/or OAuth 2.0 one way or another.
It’s important to note though that Axon Server’s extensions are an Enterprise feature only.
Hence, if you’re using Axon Server Standard Edition, you’d not be able to use these extensions directly.
A step by step documentation how to achieve that would be wonderful.
As you might’ve guessed, there isn’t anything like that.
Nonetheless, I hope the Access Control pointers I gave you point you in the right direction, @Joe.
By the way, if the problem is a general usage request for enabling Azure Key Vault, maybe this tutorial from Microsoft themselves could help.
Thanks for your reply. In the meantime we solved it. The major topic in integrating the certificates was certificate formats, which caused a lot of trouble, and not AXON or KeyVault. In the end, if you know how to do it, it was straightforward as always.
Now all is built in Terraform:
1. We create certificates via Buypass and save them in Azure KeyVault
2. We create the TLS password in KeyVault
3. Extract the cert from KeyVault - Cert & Private Key - Private Key is in PKCS1 format
4. Convert the PKCS1 to PKCS8
5. Create the P12 with the password created in step 2
6. Inject .cer, .key, .p12 into AXON via storage and modify axon.properties
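
The format conversions from the steps above (PKCS1 to PKCS8, then the P12 bundle), written out with the OpenSSL CLI as an added example that is not part of the original post. The key and certificate are constructed locally to stand in for what was extracted from Key Vault; the file names, the `axonserver` alias, the CN and the password value are assumptions.

```shell
#!/bin/sh
# Added example: the certificate format steps above with the OpenSSL CLI.
set -eu
umask 077                                   # key files readable by owner only

key_format() {                              # <key.pem> -> pkcs1 | pkcs8 | unknown
  case "$(head -n 1 "$1")" in
    "-----BEGIN RSA PRIVATE KEY-----") echo pkcs1 ;;
    "-----BEGIN PRIVATE KEY-----")     echo pkcs8 ;;
    *)                                 echo unknown ;;
  esac
}

pkcs1_to_pkcs8() {                          # <in.key> <out.key>, unencrypted PKCS#8
  openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2"
}

make_p12() {                                # <cert> <key> <out.p12>
  # Password is read from $P12_PASSWORD, so it is not passed on the command line.
  openssl pkcs12 -export -in "$1" -inkey "$2" -name axonserver \
    -out "$3" -passout env:P12_PASSWORD     # alias "axonserver" is an assumption
}

# Digests of the public key held in each artifact; all three must be equal.
cert_pub_digest() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }
key_pub_digest()  { openssl pkey -in "$1" -pubout | openssl sha256; }
p12_pub_digest()  {
  openssl pkcs12 -in "$1" -passin env:P12_PASSWORD -nokeys -clcerts |
    openssl x509 -noout -pubkey | openssl sha256
}

make_sample() {                             # <dir>: constructed PKCS#1 key + self-signed cert
  # OpenSSL 3 needs -traditional for PKCS#1; older releases emit it by default.
  openssl genrsa -traditional -out "$1/tls.pkcs1.key" 2048 2>/dev/null ||
    openssl genrsa -out "$1/tls.pkcs1.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$1/tls.pkcs1.key" -subj "/CN=axon.example" \
    -days 1 -out "$1/tls.cer"
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
export P12_PASSWORD='constructed-demo-password'   # stands in for the Key Vault secret
make_sample "$work"
pkcs1_to_pkcs8 "$work/tls.pkcs1.key" "$work/tls.key"
make_p12 "$work/tls.cer" "$work/tls.key" "$work/tls.p12"
echo "input key: $(key_format "$work/tls.pkcs1.key"), converted: $(key_format "$work/tls.key")"
[ "$(key_pub_digest "$work/tls.key")" = "$(cert_pub_digest "$work/tls.cer")" ] &&
  [ "$(cert_pub_digest "$work/tls.cer")" = "$(p12_pub_digest "$work/tls.p12")" ] &&
  echo "key, certificate and PKCS#12 bundle hold the same public key"
```

Comparing the public-key digests before uploading catches a key/certificate mismatch or a wrong P12 password early, rather than as a TLS handshake failure after the server starts.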