

Post on 14-Oct-2020


Hello everyone. Today I’m going to demo how we can leverage SmartKey, to import SmartKey, into Azure Key Vault. Before this demo, I’ve already created one of the Azure Key Vault for this demo. So, I can access this one.

In order to, for this demo, first you need to do is to complete access policies, you have to register through this application into this Key Vault, so that this application can access this Key Vault and perform the import operations. In order to register this application, you also have to go to Azure Active Directory, go to the App Registrations.

Equinix Product Readiness

SPOTLIGHT ON Network Edge FUNCTIONAL LEARNING DEMOS

Azure KMS BYOK
CHEN XI, Senior Staff Engineer


I have pre-installed Azure application here for this demo. So, we have to enable the API provisions to make sure that we have all full access to the Azure Key Vault services, and that we also need to create one security key for API call. So, I named as an API key so that later I’m going to use an API to call and perform the import operations. So, that’s the preparation work. I also need to create one RSA key, and the SmartKey, and use some APIs to import this RSA key into Azure.

For this demo, I’m going to use Postman and perform some of the API calls to achieve this goal. So, the first thing that I need is to generate an RSA key. So, I’m going to generate an RSA key with a key size of 2048. Please note that we have to make sure that the key operation Export should be added, so that later we can have a permission to export the key value for this RSA key. So, I just grant this. So, you can see that the response, they will have a key created, and then we are going to export this key because our current SmartKey, we can only see the public key, but we have private key for these cases. I’m going to use another SmartKey API, the export API, to export a private key of this RSA, so I’m going to run this, so that we can have a value. This value is a Base64 encoding of the private key, so I need to use this key to import into Azure.

Let’s quickly review the current requirements for Azure API, so actually they need this kind of payload, so that we can import, which is our JSON Web Key, so we need to have some of the utilities to convert the Base64 encoding, so far I have, into that format. So, I have one script. We already have that so we can do a version, which is in front by the Python screen. So, I copy the value.

Okay, so this is the JSON Web Key. I’m going to use for the API call. So, I copy this JSON Web Key, and then now I’m going to use Azure API to import this key. So firstly, I need to login, so just now in order to login I need to provide my tenant ID information, and we need to provide these things.

So now I can provide blocking, so I will get this access token and I’m going to use this access token for the import operations. So, in this code, I need to pass the access token and inside the path parameters, I need to make sure the key name, so let me mention about rsa-key-1. And then inside the body, I need to paste the result just now I generated.


Okay, so now I’m going to send a request to Azure. Okay, so I get a response and it says that is created successfully. So now I can go to the portal to see whether I have created successfully for that, so I can go to the home. Can click Azure BYOK Key Vault. I click the keys. So, you can see that the rsa-key-1 has been created.

Yeah, that’s all for the demo. Thank you.
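The conversion step the demo runs with a Python script, written out here as an added example (it is not the script used in the demo, and not Equinix or Microsoft code): it parses a Base64 DER RSA private key and emits the private JSON Web Key wrapped as `{"key": ...}`, the body shape that Azure Key Vault's import-key request takes. It assumes the exported value is PKCS#1 or unencrypted PKCS#8 DER; all function names are hypothetical and the toy key is constructed inline.

```python
import base64
import json

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(seq):
    """Split the content of a DER SEQUENCE into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        out.append((tag, val))
    return out

def b64url_uint(n):
    """JWK integer encoding: unsigned big-endian, base64url, no padding."""
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def rsa_private_der_to_jwk(b64_der):
    """Assumed input: Base64 DER, PKCS#1 RSAPrivateKey or PKCS#8-wrapped."""
    tag, body, _ = read_tlv(base64.b64decode(b64_der), 0)
    items = children(body) if tag == 0x30 else []
    if len(items) == 3 and items[1][0] == 0x30 and items[2][0] == 0x04:
        items = children(read_tlv(items[2][1], 0)[1])  # unwrap PKCS#8
    if len(items) != 9 or any(t != 0x02 for t, _ in items):
        raise ValueError("not a two-prime RSAPrivateKey")
    vals = [int.from_bytes(v, "big") for _, v in items]
    if vals[0] != 0 or vals[1] != vals[4] * vals[5]:  # version 0, n == p*q
        raise ValueError("inconsistent RSA parameters")
    names = "n e d p q dp dq qi".split()
    return {"kty": "RSA", **{k: b64url_uint(v) for k, v in zip(names, vals[1:])}}

def constructed_sample_key():
    """Toy PKCS#1 key (p=61, q=53) built inline; far too small for real use."""
    p, q, e = 61, 53, 17
    d = pow(e, -1, (p - 1) * (q - 1))
    vals = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    enc = [v.to_bytes(v.bit_length() // 8 + 1, "big") for v in vals]
    ints = b"".join(bytes([0x02, len(b)]) + b for b in enc)
    return base64.b64encode(bytes([0x30, len(ints)]) + ints).decode()

if __name__ == "__main__":
    print(json.dumps({"key": rsa_private_der_to_jwk(constructed_sample_key())}, indent=2))
```

The resulting JWK contains the full private key, so its output needs the same handling as the key itself: keep it out of saved Postman collections, shell history and logs.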

© 2019 Equinix, Inc.