Using App Key Vaults with Business Central Extensions
APPLIES TO: Business Central 2020 release wave 2 and later
Some Business Central extensions make web service calls to non-Business Central services. For example, one extension might call Azure Storage to read/write blobs. Another extension might call the extension publisher's web service to do an operation.
These web service calls are typically authenticated, which means the extension must provide a credential in the call. The credentials enable the other service to accept or reject the call. You can consider the credentials as a kind of secret to the extension. A secret shouldn't be leaked to customers, partners, or anybody else. So where can the extension get the secret from? Here is where Azure Key Vault is used. Azure Key Vault is a cloud service that works as a secure secrets store. It provides centralized storage for secrets, enabling you to control access and distribution of the secrets.
For Business Central online, the app key vault feature is only supported for AppSource extensions.
Getting extensions to use secrets from Azure Key Vault involves two areas of work: setting up and configuring Azure Key Vaults and developing the extensions to use secrets from Azure Key Vault.
Setting up and configuring Azure Key Vaults
An extension can retrieve secrets from one or two different Azure Key Vaults. These key vaults must be created in Azure, and the Business Central service configured to access key vaults. The setup process is different for online and on-premises. For more information, see:
- Setting up App Key Vaults for Business Central online
- Setting up App Key Vaults for Business Central on-premises
Developing the extensions to use secrets from Azure Key Vault
Once you have an Azure Key Vault, you can develop Business Central extensions to retrieve secrets from the key vault. In short, this work involves specifying the key vault's URL and adding code to retrieve a secret from the key vault.
For more information, see Using App Key Vault Secrets in Extensions.
Submit and view feedback for