This is step 6 of 10 in the post series “How-To: How installing a secure Service Azure Fabric Cluster (ASF) with Azure Resource Management (ARM) Template”.
In this step we prepare the settings of an SF Application in Visual Studio 2017. The application is registered in AAD; this way we can control which applications are allowed to access another application. To make this possible, the AppId and AppKey of the calling application are needed. With this combination we authenticate to the application we are calling. Besides this information we also need some AAD information, such as the AAD-Instance, TenantId & AAD-Uri; these are stored in the Key Vault Application Secrets. An example of an application can be found on my GitHub over here.
|Step|Overview of the steps|
|---|---|
|01.|Create and import the certificates|
|02.|Register SF Application in AAD and create AppKey|
|03.|Generate encrypted AppKey|
|04.|Lookup the service principals|
|05.|Create the Key Vaults with ARM|
|06.|[CURRENT] Adjust the SF Application settings|
|07.|Upload certificates to Key Vault|
|08.|Register the Service Fabric System Applications|
|09.|Install SF Cluster with ARM|
Step 06: ADD settings in the config of the SF Applications
Add address of the Key Vault with Application Secrets
- To extract variables from the Key Vault you have to know its address. The address can be found in the Azure Portal once you have created the Key Vaults. In my case: https://blog-akv-as-kv-d.vault.azure.net/secrets.
Edit Application Manifest
- Below the node “DefaultServices” add the following:
    <Principals>
      <Users>
        <User Name="sfclusteradmin" AccountType="NetworkService" />
      </Users>
    </Principals>
    <Policies>
      <SecurityAccessPolicies>
        <SecurityAccessPolicy ResourceRef="[DataCertificateName]" PrincipalRef="sfclusteradmin" ResourceType="Certificate" />
      </SecurityAccessPolicies>
    </Policies>
    <Certificates>
      <SecretsCertificate X509FindValue="[DataCertificateThumbprint]" Name="[DataCertificateName]" />
    </Certificates>
Add Application Parameter file to project
- Go to the Service Fabric project and open one of the XML files. I assume you know the meanings of the different ApplicationParameters XML files.
- Earlier you wrote down the encrypted AppKey. Use that value in the application parameter file. We also need to put the thumbprint of the certificate in this file.
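A pre-deployment check for the manifest fragment and parameter file described above, as an added example (not code from the original post or from the Service Fabric tooling). The `check` and `params_file` helpers, the application name `fabric:/Sample`, the certificate name `DataCert` and the thumbprints passed in are constructed assumptions; the check expects the values to come from the parameter file and ignores `DefaultValue`.

```python
import re
import xml.etree.ElementTree as ET

NS = {"sf": "http://schemas.microsoft.com/2011/01/fabric"}
THUMBPRINT = re.compile(r"[0-9A-Fa-f]{40}")  # SHA-1 thumbprint: no spaces, no hidden characters

# Constructed sample manifest: the fragment from this step plus the <Parameters> it relies on.
MANIFEST = """<ApplicationManifest xmlns="http://schemas.microsoft.com/2011/01/fabric">
 <Parameters><Parameter Name="DataCertificateName" DefaultValue="" />
  <Parameter Name="DataCertificateThumbprint" DefaultValue="" /></Parameters>
 <Principals><Users><User Name="sfclusteradmin" AccountType="NetworkService" /></Users></Principals>
 <Policies><SecurityAccessPolicies><SecurityAccessPolicy ResourceRef="[DataCertificateName]"
  PrincipalRef="sfclusteradmin" ResourceType="Certificate" /></SecurityAccessPolicies></Policies>
 <Certificates><SecretsCertificate X509FindValue="[DataCertificateThumbprint]"
  Name="[DataCertificateName]" /></Certificates>
</ApplicationManifest>"""

def params_file(thumbprint):  # constructed; application and certificate names are made up
    return f"""<Application xmlns="http://schemas.microsoft.com/2011/01/fabric" Name="fabric:/Sample">
 <Parameters><Parameter Name="DataCertificateName" Value="DataCert" />
  <Parameter Name="DataCertificateThumbprint" Value="{thumbprint}" /></Parameters>
</Application>"""

def check(manifest_xml, params_xml):
    """Return the problems found in a manifest / parameter-file pair."""
    man, par = ET.fromstring(manifest_xml), ET.fromstring(params_xml)
    declared = {p.get("Name") for p in man.findall("sf:Parameters/sf:Parameter", NS)}
    supplied = {p.get("Name"): p.get("Value", "") for p in par.findall("sf:Parameters/sf:Parameter", NS)}
    problems = []
    def resolve(raw):  # "[Name]" -> value from the parameter file; literals pass through
        m = re.fullmatch(r"\[(\w+)\]", raw or "")
        if not m:
            return raw or ""
        if m.group(1) not in declared:
            problems.append(f"[{m.group(1)}] is not declared in <Parameters>")
        return supplied.get(m.group(1), "")
    users = {u.get("Name") for u in man.findall("sf:Principals/sf:Users/sf:User", NS)}
    certs = set()
    for c in man.findall("sf:Certificates/sf:SecretsCertificate", NS):
        certs.add(resolve(c.get("Name")))
        if not THUMBPRINT.fullmatch(resolve(c.get("X509FindValue"))):
            problems.append("X509FindValue is not a clean 40-hex-digit thumbprint")
    for p in man.findall("sf:Policies/sf:SecurityAccessPolicies/sf:SecurityAccessPolicy", NS):
        if resolve(p.get("ResourceRef")) not in certs:
            problems.append("ResourceRef matches no SecretsCertificate Name")
        if p.get("PrincipalRef") not in users:
            problems.append("PrincipalRef matches no declared User")
    return problems
```

A thumbprint copied from the Windows certificate dialog can carry spaces or an invisible leading character; the check reports either case before the value reaches the cluster.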
Next step: Step 07 – Upload certificates to Key Vault