The integration allows you to use Azure Key Vault in combination with Azure Event Grid to create tickets in Halo when keys, secrets, and certificates have new versions created, are nearing expiry, or have expired.
To set this up you need to create an event subscription with a webhook endpoint for your key vault.
Enable the Azure Key Vault integration in Configuration > Integrations. this should automatically add a custom integration and runbook.
You need to go to the custom runbook "Azure Key Vault" and set a username and password for the authorisation.
Make sure you make a note of the username, password, and runbook URL, as these will need to be entered into the Azure configuration.
Azure Key Vault Configuration
With the Halo application now registered, you can go to Azure Key Vault to configure your event subscription.
In Azure Key Vault, go to Events and add an event subscription.
Set a name and which event types you want. By default, the 3 types of alert will tirgger for all 3 Key Vault objects, but this can be adjusted.
The endpoint type needs to be set to webhook and you then need to enter the runbook URL you copied form the Halo configuration as the webhook endpoint.
The filters and additional features are not required, but can optionally be configured to restrict or customise the alerts that get triggered.
A custom header needs to be set up to authorise the webhooks.
Add a header with name "Authorization", type "static", and set it as secret.
The value will need to be Basic followed by the Base64 encoding of your chosen username and password
If you set them as username and password respectively, you need to Base64 encode the following: username:password
Copy the result of this encoding, which for the above is dXNlcm5hbWU6cGFzc3dvcmQ=, and into the value field enter Basic followed by the encoding. So for this example, Basic dXNlcm5hbWU6cGFzc3dvcmQ=
All of the inputs for this are case-sensitive, so make sure to match them exactly.
You can then save the webhook. Now you're all set up in Azure.