D365FO - Setting Up Azure Key Vault Client

Dynamics 365 ERP - Development

The Key Vault client in D365FO is a beneficial feature for storing credentials and connectivity parameters securely in an Azure Key Vault.
Key Vault parameters are saved per-company in D365FO, which can be a drawback when needing to use identical parameters across different legal entities.
The components involved in setting up the Key Vault client include D365FO application, Azure Active Directory, Azure Key Vault, Key Vault Client, and Azure Key Vault Service.
To set up the Azure Key Vault client, steps include creating and configuring a new Key Vault in the Azure portal, registering a new application in Azure AAD, setting up permissions in Azure AD, and configuring the D365FO application with Key Vault URL, client ID, and secret key.
Secrets in the Key Vault can be accessed in X++ code using standard methods like KeyVaultCertificateTable & KeyVaultCertificateHelper.
The format for mentioning a secret in the Key Vault is vault://<KeyVaultName>/<SecretName>/<SecretVersion> or vault:///<SecretName>.
After configuring the Key Vault client in D365FO, secrets can be accessed in X++ code by passing the secret name to the method.
It is important to validate the setup to ensure D365FO can access the key vault secrets successfully.

Registered users can view the full text for FREE!