Azure Service Principal with Fortanix Confidential Computing Manager

1.0 Introduction

The purpose of this article is to describe how to set up an Azure Service Principal cluster as worker nodes in Fortanix Confidential Computing Manager (CCM).

1.1 Prerequisites

Ensure that you meet the following requirements:

You need to have an active Azure subscription.
You must have the latest Azure CLI.

2.0 Creating the Azure Service Principal Cluster

Perform the following steps to create the Azure Service Principal:

Run the following command to create an application:
```
az ad app create --display-name myApp
```
Run the following command to create a Service Principal:
```
az ad sp create --id <APP_ID>
```
Run the following command to create a resource group:
```
az group create -n myResourceGroup -l eastus
```

Run the following commands to create the custom role for managing the deployments in the Fortanix CCM:

az role definition create --role-definition '{
            "Name": "Manage deployment",
            "Description": "All permissions needed to run CCM managed deployments",
            "Actions": [
                "Microsoft.Resources/deployments/validate/action",
                "Microsoft.Resources/deployments/cancel/action",
                "Microsoft.Resources/deployments/write",
                "Microsoft.Resources/deployments/read",
                "Microsoft.Resources/deployments/operationStatuses/read",
                "Microsoft.ContainerInstance/containerGroups/delete",
                "Microsoft.ContainerInstance/containerGroups/write",
                "Microsoft.ContainerInstance/containerGroups/read",
                "Microsoft.ContainerInstance/containerGroups/stop/action",
                "Microsoft.ContainerInstance/containerGroups/containers/logs/read",
            ],
            "DataActions": [],
            "NotDataActions": [],
            "AssignableScopes": ["/subscriptions/"]
        }'

Run the following command to assign the role to the application:
```
az role assignment create --role "Manage deployment" --assignee <APP_ID> --scope /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>
```
Where,
- refer to the Application ID of the target application.
- refers to the subscription ID for the Azure subscription.
- refers to the resource group where the application is deployed.
Wait for a few minutes for the role assignment to be completed.
Run the following command to reset the credentials of the application:
```
az ad sp credential reset --id <APP_ID>
```

Azure Service Principal with Fortanix Confidential Computing Manager

1.0 Introduction

1.1 Prerequisites

2.0 Creating the Azure Service Principal Cluster

PLATFORM

Key Insight

Data Security Manager™

Confidential Computing Manager

Enclave Development Platform®

Request A demo

Contact Us

Free Trial

SOLUTIONS

AWS KMS External Key Store (XKS)

Google External Key Manager

Bring Your Own Key (BYOK)

HSM Modernization

Multicloud Key Management

Post Quantum Cryptography

Code Signing

Secrets Management

Tokenization Transparent

Database Encryption

Filesystem Encryption

Confidential Data Search

Confidential AI

Healthcare

Banking & Financial Services

Fintech

Manufacturing

Web 3.0

Federal Government

RESOURCES

Blog

Whitepapers

Datasheets

Solution Briefs

Ebooks

Reports

Case Studies

Webinars

University

Media Kit

Newsletters

COMPANY

About

Careerswe’re hiring

Customers

Partners

Awards

Events

Press

News

Services

Support

FAQ

4.6