====== Deploy Azure Key Vault ======

Creating an Azure Key Vault - Don's Version

  - Log in to the correct subscription.
  - In the search bar, search for Key Vault and select Key Vaults.
  - Click Create in the upper left.
  - Select the correct subscription and resource group. The resource group has to already exist.
  - Enter the Key Vault name, select the Region, and select the pricing tier (normally Standard).
  - Choose the number of days to retain a deleted vault based on needs.
  - Choose to enable or disable purge protection based on needs.
  - Click Next.
  - Choose the permission model (should be Azure role-based access control).
  - Select Resource Access as needed.
  - Click Next.
  - Configure Networking as needed: either Public (normally no) or Private Endpoint, which requires a preexisting network.
  - Click Next if you want to configure tags; if not, click Review + Create.
  - This creates the Key Vault. When it is done, click Go To Resource.
  - Click Access Control (IAM) and configure the users or roles that need access to the vault.
    - At a minimum, the role has to have Get capabilities for the Key Vault.
  - Click Objects and create Keys, Secrets, or Certificates as needed.
  - Test retrieval via the selected method, be it VM, CLI, or deployment.
    - The easiest test is from the CLI.
    - Log in (for AI Lab): <code>az login --tenant siriusazuretest.onmicrosoft.com</code>
    - Select the right tenant from the list.
    - Run the key vault retrieval command: <code>az keyvault secret show --vault-name don-secret-vault-of-gold --name donsecret</code>
  - Use your secret in the desired way.
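
The same deployment expressed as Azure CLI commands, as an added example that is not part of the original page. The subscription ID, resource group, vault name, region, assignee and secret name are constructed placeholders, and the ''DRY_RUN'' switch and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page. All names and IDs below are
# constructed placeholders.
set -eu

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the az commands for review; 0 = execute

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Resource ID of one vault: the narrowest scope for a role assignment.
vault_scope() {  # args: subscription-id resource-group vault-name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.KeyVault/vaults/%s\n' \
    "$1" "$2" "$3"
}

# Vault creation: Standard tier, RBAC permission model, public access off.
# Purge protection cannot be turned off once enabled; drop the flag if unwanted.
create_vault() {  # args: resource-group vault-name region retention-days
  run az keyvault create \
    --resource-group "$1" --name "$2" --location "$3" \
    --sku standard \
    --retention-days "$4" \
    --enable-purge-protection true \
    --enable-rbac-authorization true \
    --public-network-access Disabled
}

# Access Control (IAM): read access to secret values, scoped to this vault only.
grant_secret_reader() {  # args: assignee scope
  run az role assignment create \
    --assignee "$1" --role "Key Vault Secrets User" --scope "$2"
}

# Retrieval test: return only the secret value, not the full JSON object.
read_secret() {  # args: vault-name secret-name
  run az keyvault secret show --vault-name "$1" --name "$2" \
    --query value --output tsv
}

SUB="00000000-0000-0000-0000-000000000000"   # placeholder subscription ID
RG="example-rg"; VAULT="example-kv-001"      # placeholder names
create_vault "$RG" "$VAULT" eastus 90
grant_secret_reader "reader@example.com" "$(vault_scope "$SUB" "$RG" "$VAULT")"
read_secret "$VAULT" example-secret
```

With public network access disabled, the retrieval call only succeeds from a host that can reach the vault through its private endpoint.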