Azure Key Vault setup guide

Configure a key in Azure Key Vault


1. Log in to portal.azure.com.

2. Search for and click "App registrations" under Azure services.
3. Click + New registration.
4. Enter a name, choose the preferred option in Supported account types and click Register.


5. Copy the Directory (tenant) ID. You'll need it later when configuring Zoho. Then click Add a certificate or secret.

6. Click + New client secret, fill in the required details and click Add.

7. Copy the client secret value.
Note: The client secret value is visible only once. Note it down so you can configure it later in Zoho.

8. Click Endpoints, then copy the OAuth 2.0 token endpoint (v2) and Application (client) ID. You'll need both later when configuring Zoho.

9. Search for and click "Resource groups" under Navigate.

10. Under Resource groups, click Create.

11. Under Basics, select the Subscription, enter a Resource group name, and click Review + create.

12. Search for and click "Key vaults" under Azure services.
13. Click Create.
14. Select the Subscription and Resource group, enter a Key vault name, and click Next.

15. Select Azure role-based access control (recommended) as the Permission model, and click Next.




16. Select the checkbox next to Enable public access, and click Next.



17. Click Next again, and click Create.

18. After deployment is complete, click Go to resource.



19. From the left menu, click Objects, then click Keys.



20. Click + Generate/Import.
21. Enter a key name, select the Key type, select the RSA key size, then click Create.


22. From the listed keys, select the key version.
23. Copy the Key identifier URL. Ensure Encrypt and Decrypt are selected under Permitted operations.

24. Click Access control (IAM) from the left menu, click + Add, then click Add role assignment.

25. Click Role, then click Job function roles, select Key Vault Crypto User, then click Next.


26. Click Members, choose User, group, or service principal under Assign access to, then click + Select members.
27. Search and add members, then click Select, then click Next.

28. Click Review + assign.

 

After completing the steps above, you will have collected the details below, which are needed to integrate Azure Key Vault with Zoho.

  

REST APIs used for BYOK integration in Zoho One:  

 

Credentials required for integration:

  1. Client ID
  2. Client Secret
  3. OAuth 2.0 token endpoint (v2) URL
  4. Key Identifier URL
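
Before entering these four values in Zoho, you can confirm that they work together and that the Key Vault Crypto User assignment from steps 24-28 permits Encrypt and Decrypt. The script below is an added example, not Zoho's or Microsoft's code. It assumes the app registration from steps 3-8 is the member that received the role, the public Azure cloud, REST API version 7.4, the RSA-OAEP-256 algorithm, and hypothetical environment variable names.

```python
import base64, json, os, re, urllib.parse, urllib.request

API_VERSION = "7.4"  # assumption: Key Vault REST API version to call
# Assumption: public-cloud vault host and a versioned key URL (32 hex chars).
KEY_ID_RE = re.compile(r"^https://[A-Za-z0-9-]+\.vault\.azure\.net/keys/[A-Za-z0-9-]+/[0-9a-f]{32}$")

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def token_request(token_endpoint, client_id, client_secret):
    """Client-credentials request to the OAuth 2.0 token endpoint (v2)."""
    if not token_endpoint.startswith("https://"):
        raise ValueError("refusing to send the client secret over a non-HTTPS URL")
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": "https://vault.azure.net/.default",
    }).encode()
    return urllib.request.Request(token_endpoint, data=form, method="POST")

def crypto_request(key_id, operation, value, access_token):
    """Encrypt or decrypt request against one key version (the Key identifier URL)."""
    if not KEY_ID_RE.match(key_id) or operation not in ("encrypt", "decrypt"):
        raise ValueError("expected a versioned Key identifier URL and encrypt/decrypt")
    body = json.dumps({"alg": "RSA-OAEP-256", "value": b64url(value)}).encode()
    return urllib.request.Request(
        f"{key_id}/{operation}?api-version={API_VERSION}", data=body, method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})

def send(req):
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

def round_trip(token_endpoint, client_id, client_secret, key_id):
    """Encrypt a random probe with the vault key, decrypt it, and compare."""
    token = send(token_request(token_endpoint, client_id, client_secret))["access_token"]
    probe = os.urandom(32)
    sealed = b64url_decode(send(crypto_request(key_id, "encrypt", probe, token))["value"])
    opened = b64url_decode(send(crypto_request(key_id, "decrypt", sealed, token))["value"])
    return opened == probe

if __name__ == "__main__":
    # Hypothetical variable names; read from the environment so the secret stays out of the script.
    names = ("AZ_TOKEN_ENDPOINT", "AZ_CLIENT_ID", "AZ_CLIENT_SECRET", "AZ_KEY_ID")
    print("round trip ok" if round_trip(*(os.environ[n] for n in names)) else "round trip FAILED")
```

An HTTP 401 from the token request points at the client ID, secret, or endpoint; an HTTP 403 from the encrypt or decrypt call usually means the role assignment is missing or has not yet propagated.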