Secrets Store

Serviceboard provides two options for managing and storing your secrets which are used to authenticate to your integration services:

Internal Store

The secrets are securely stored and encrypted in your database and decrypted only when used (e.g. provisioning a service).

Azure Key Vault

Only non sensitive data is stored in your database for better user experience when working with Serviceboard, however the secrets itself (such as passwords, tokens, api keys etc) are stored in Azure Key Vault and are fetched only during service execution.

How to configure Azure Key Vault for Serviceboard.

Subsections of Secrets Store

Azure Key Vault

This section helps you to configure your secrets store when using Azure Key Vault service.

Note

You need to restart the backend application to fully apply the changes.

Azure Configuration

Create an Azure Enterprise Application

  1. Navigate to App Registrations and create a new application (e.g. Serviceboard).
  2. Open the application overview and create a new client secret in the Certificates & secrets section.
    Note

    Save the client secret value as you will need it for enabling the integration with Serviceboard.

azure_kv_secrets.png azure_kv_secrets.png

Create an Azure Key Vault

  1. Navigate to Key Vaults and create a new one:
  • Name (e.g. Serviceboard)
  • Add an Access Policy for the application you created in the previous step with the following scopes: Get, Set and Delete for the Secret permissions. azure_kv_perms.png azure_kv_perms.png!
  • Select principal: select the application you created before.
  • Click Add

Serviceboard Configuration

Navigate to Settings → Global Settings → Secrets Store and change the secret store to Azure Key Vault. The following configurations need to be done as well:

Setting Description Example
Tenant ID Tenant ID - Can be found in Overview section of your Azure Active Directory. f1a9ce31-280c-4525-91ff-48dc4ab567a5
Client ID Application ID of the enterprise application created in Azure. Can be found in Properties section of your created Enterprise Application. d7c78506-331f-404c-88e1-08d40bb0e4ab
Subscription ID Subscription ID Can be found in Properties section of your created Key Vault. a49a22c4-43bb-4339-83c7-12c4d7073c6a
Vault Base URL The base url of your Azure key vault. Can be found in Properties section of your created Key Vault. https://serviceboard.vault.azure.net/
Api Version Api Version 7.3
Scope Scope for your Key Vault. https://vault.azure.net/.default