Azure Key Vault Integration With IICS


07-02-2023

Azure Key Vault Integration with IICS
Spoorthi Vaidya, Consultant PS
[email protected]
Housekeeping Tips

• Today’s Webinar is scheduled for 1 hour

• The session will include a webcast and then your questions will be answered live at the end of the presentation

• All dial-in participants will be muted to enable the speakers to present without interruption

• Questions can be submitted to “All Panelists" via the Q&A option and we will respond at the end of the presentation

• The webinar is being recorded and will be available on our INFASupport YouTube channel and Success Portal - where
you can download the slide deck for the presentation. The link to the recording will be emailed as well.

• Please take time to complete the post-webinar survey and provide your feedback and suggestions for upcoming topics.

2 © Informatica. Proprietary and Confidential.


Feature Rich Success Portal
• Bootstrap trial and POC Customers
• Enriched Customer Onboarding experience
• Product Learning Paths and Weekly Expert Sessions
• Informatica Concierge
• Tailored training and content recommendations



More Information

• Success Portal: https://success.informatica.com
• Communities & Support: https://network.informatica.com
• Documentation: https://docs.informatica.com
• University: https://www.informatica.com/in/services-and-training/informatica-university.html



Safe Harbor
The information being provided today is for informational
purposes only. The development, release, and timing of any
Informatica product or functionality described today remain
at the sole discretion of Informatica and should not be relied
upon in making a purchasing decision.

Statements made today are based on currently available
information, which is subject to change. Such statements
should not be relied upon as a representation, warranty
or commitment to deliver specific products or functionality
in the future.
Agenda

1 Introduction
2 Key Vault Integration Utility - Scope & Purpose
3 Azure Key Vault - Azure portal setup
4 Methodology used for IICS connection update
5 Demo
6 Q&A



Introduction

• This webinar is intended for all IICS developers, administrators, and architects.
• The session will help you learn how to automate the process of updating the IICS
connections of any type created in the Administration Service with the secret values in the
Azure Key Vault using IICS Cloud Application Integration assets.



Purpose
What is the purpose of Azure Key Vault integration with IICS?

• The credentials/connection parameters for IICS Connections are stored in the Azure Key
Vault Secrets.
• Update the IICS connection parameters in the higher IICS environment when assets are imported from
a lower IICS environment
− CI/CD Code Promotion
− Assets Migration
• Update the IICS connections on schedule with password rotation.



Scope
What is the scope of Azure Key Vault integration utility?

• Automate the process of updating the IICS connections in the Administration Service
• IICS Cloud Application Integration Assets are used to automate the process
• This utility integrates the IICS connection with Azure Key Vault



Azure Key Vault
Azure portal settings for Key Vault API
permission and Access Policy
Azure Key Vault

What is Azure Key Vault?

• Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is
anything that you want to tightly control access to, such as API keys, passwords, certificates, or
cryptographic keys.



Access secret values from the Azure Key Vault
What are the various ways to access the secret values from Azure Key Vault?

REST API
• Azure REST APIs

Azure Key Vault Secret Client Library
• The Azure Key Vault secret client library allows you to manage secrets
- Python
- Node.js
- Java
- .NET
- Go



Authenticate Azure Key Vault in Code
How do we authenticate the Azure Key Vault in code?

• Key Vault uses Azure Active Directory (Azure AD) authentication, which requires an Azure
AD security principal to grant access.
• An Azure AD security principal can be:
- A user
- An application service principal
  - Managed identity
  - Registering the application with the Azure identity platform
- A group of any of the above types
• A service principal's object ID acts like its username; the service principal's client secret acts
like its password.



Azure Portal settings
Permissions to be provided for your service principal application

• Assign Azure Key Vault API permission
- Have full access to Azure Key Vault Services for the Application
• Key Vault Access Policy
- Access policies enable you to have fine-grained control over access to vault items
- Set the privileges and principal - Application Name



Auto update of IICS Connections
Methodology used for IICS connections update
REST APIs usage
REST APIs used in the code for automation

Azure REST APIs
• Get Bearer Access Token
• Get Key Vault Secrets list
• Get Secret Value

IICS REST APIs
• Login V2 / Login V3
• Get Connection Details
• Update Connection



IICS REST API

• Login V2 /Login V3
- ServerURL/BaseAPI URL
- Session Id
• Get Connection Details
• Update Connection



Methodology Implemented
Flowchart of the Methodology



IICS Cloud Application
Integration Assets
• Service connectors
- Connect to the IICS REST API
- Connect to the Azure API
• App connections
- App connection on top of the service connector
• Cloud Application Integration process
- Process to fetch the connection param values
from Azure Key Vault and Update the IICS
Connections



Prerequisites

• Azure Portal Key Vault Access permissions set
• Secrets in the Azure Key Vault need to be named in the following pattern:
<IICSConnectionName><ConnParamValue>
- Example: below are the IICS Connection name and secret name for the username connection
parameter.
• IICS ConnectionName: AzureSQLServer
• Secret name: AzureSQLServerusername
• <ConnParamValue> needs to match the parameter in the IICS REST API GET Connection Detail response.
• IICS Connection names should contain only alphanumeric characters and dashes "-".
• Publish the IICS Cloud Application service connectors, App connections, CAI process.
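
The naming rule above concatenates the connection name and the parameter with no delimiter, so a secret name can split in more than one way. As an added example (not part of the webinar's utility), the Python sketch below resolves each secret against the parameter keys returned by GET Connection Details; `plan_updates`, the data shapes and the sample values are assumptions constructed for illustration.

```python
import re

# Per the slide, connection names may hold only alphanumerics and dashes.
NAME_RE = re.compile(r"^[A-Za-z0-9-]+$")


def plan_updates(connections, secret_names):
    """Return (plan, unmatched, ambiguous) for a list of Key Vault secret names.

    connections: {connection name: set of parameter keys from its GET
    Connection Details response}; plan: {connection: {parameter: secret name}}.
    """
    bad = sorted(n for n in connections if not NAME_RE.match(n))
    if bad:
        raise ValueError(f"connection names outside [A-Za-z0-9-]: {bad}")

    plan, unmatched, ambiguous = {}, [], {}
    for secret in secret_names:
        # No delimiter in <IICSConnectionName><ConnParamValue>: keep only the
        # splits whose suffix is a real parameter key of that connection
        # (assumption: the match is exact and case-sensitive).
        hits = [
            (conn, secret[len(conn):])
            for conn, params in connections.items()
            if secret.startswith(conn) and secret[len(conn):] in params
        ]
        if len(hits) == 1:
            conn, param = hits[0]
            plan.setdefault(conn, {})[param] = secret
        elif hits:
            ambiguous[secret] = sorted(hits)  # do not guess; flag for review
        else:
            unmatched.append(secret)
    return plan, unmatched, ambiguous


# Constructed sample data (not from the webinar).
SAMPLE_CONNECTIONS = {
    "AzureSQLServer": {"username", "password", "host"},
    "AzureSQL": {"username", "password", "Serverusername"},
    "Sales-DW": {"username", "password"},
}
SAMPLE_SECRETS = [
    "AzureSQLServerusername",  # splits two ways, so it is ambiguous
    "AzureSQLServerpassword",  # only AzureSQLServer + password fits
    "Sales-DWpassword",
    "AzureSQLServerpasswd",    # suffix is not a parameter key
]

print(plan_updates(SAMPLE_CONNECTIONS, SAMPLE_SECRETS))
```

Secrets reported as ambiguous or unmatched should be renamed rather than applied, since writing a credential into the wrong connection is harder to spot than a skipped update.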



DEMO
1. Azure Portal Key Vault Permission Settings
2. IICS Cloud Application Integration Assets walkthrough, their execution
Q&A
Thank you
Email: [email protected]
