
    Configuration JSON schema

    The Create command receives a full configuration JSON template as an input parameter. All the other commands may work with just the configuratorInformation section.

    For all the upcoming sections, settings that are used by an action are marked as (✅) while unused settings are marked as (⬜️).

    Configurator Information

    The Configurator Information section contains information needed to connect to the (Azure) SQL database server. This section is used for all actions. The Delete, Upgrade, ImportData, and ExportData actions need only this section to run. The Upgrade action may need additional settings though.

    JSON template:

    {
        "configuratorInformation": {
            "databaseProvider": "MSSQL",
            "databaseServerName": "",
            "databaseLoginUserName": "",
            "databaseLoginUserPassword": "",
            "port": 1433
        }
    }
    

    Parameters:

    Name Data type Required? Default value
    databaseProvider Enum = {MSSQL, MariaDB} No MSSQL
    databaseServerName string true localhost
    databaseLoginUserName string false
    databaseLoginUserPassword string false
    port number false 1433

    Corresponding configuration on UI:

    Index Name
    (1) databaseProvider
    (2) databaseServerName
    (3) databaseLoginUserName
    (4) databaseLoginUserPassword
    (5) port

    database-configuration.png

    Examples using MSSQL database provider

    • If your database server is installed on localhost, you can leave the databaseServerName setting empty:

      "configuratorInformation": {
              "databaseProvider": "MSSQL",
              "databaseServerName": "",
              "databaseLoginUserName": "databaseuser",
              "databaseLoginUserPassword": "OhCQd0GRD72LjMUw2pIh"
          }
      

      Corresponding configuration on UI:

      configuration-template-1.png

    • If you want to connect to the SQL server using Windows integrated authentication, you need to leave databaseLoginUserName and databaseLoginUserPassword settings empty:

      "configuratorInformation": {
              "databaseProvider": "MSSQL",
              "databaseServerName": "",
              "databaseLoginUserName": "",
              "databaseLoginUserPassword": ""
          }
      

      Corresponding configuration on UI:

      configuration-template-2.png

    • If you are using an SQL server installed on another machine, which is always the case in production, you need to specify the SQL server name and credentials (or leave the credentials empty if you are using Windows integrated authentication):

      "configuratorInformation": {
              "databaseProvider": "MSSQL",
              "databaseServerName": "WIN-EC1LAPCPS79\\MSSQLSERVERSW",
              "databaseLoginUserName": "databaseuser",
              "databaseLoginUserPassword": "OhCQd0GRD72LjMUw2pIh"
          }
      

      Corresponding configuration on UI:

      configuration-template-3.png

    Examples using MariaDB database provider

    • You need to provide the MariaDB server name, credentials, and port number:

      "configuratorInformation": {
              "databaseProvider": "MariaDB",
              "databaseServerName": "dqtglobeteam",
              "databaseLoginUserName": "admin",
              "databaseLoginUserPassword": "OhCQd0GRD72LjMUw2pIh",
              "port": 3306
          }
      

      Corresponding configuration on UI:

      configuration-template-4.png

    General information configuration

    JSON template:

    "tenantConfiguration": {
            "clientName": "",
            "defaultLanguage": "",
            "tenantId": "",
            "safewhereAdminIdleTimeout": 20,
            "passwordAdmin": ""
        }
    

    Parameters:

    Name Data type Required? Default value Create Replicate
    clientName string true ✅ ✅
    defaultLanguage string true ✅ ✅
    tenantId string true ✅ ⬜️
    passwordAdmin string true ✅ ⬜️
    safewhereAdminIdleTimeout string false 20 ✅ ⬜️

    Corresponding configuration on UI:

    Index Name
    (1) tenantId
    (2) clientName
    (3) defaultLanguage
    (4) passwordAdmin
    (5) safewhereAdminIdleTimeout

    general-configuration.png

    Examples

    • Input settings for an instance:

      "tenantConfiguration": {
          "clientName": "SWSECONDMACHINE",
          "defaultLanguage": "da", 
          "tenantId": "identifytenant",
          "safewhereAdminIdleTimeout": 97,
          "passwordAdmin": "OhCQd0GRD72LjMUw2pIh"
      }
      

      Corresponding configuration on UI:

      general-information-configuration-1.png

    Instance's database connection configuration

    JSON template:

    "tenantDatabaseConfiguration": {
            "isMultiSubnetFailover": false,
            "databaseConfiguration": {
                "server": "",
                "schema": "",
                "loginUserName": "",
                "loginPassword": "",
                "dbAuthenticationType": "SQLServerAuthentication"
            },
            "auditConfiguration": {
                "providerType": "SQLDatabase",
                "host": "",
                "loginName": "",
                "password": "",
                "port": 1433,
                "connectionTimeout": 60,
                "cosmosDBMaxIdleTime": 120000
            },
            "sessionStateConfiguration": {
                "sessionStateMode": "InProc",
                "timeOut": 60
            }
        }
    

    Enable multi subnet fail over parameters

    Note: This setting is not supported for the MariaDB database provider. The guideline below is intended for the MSSQL database provider, so please skip this section if you are currently using the MariaDB database provider.

    Name Data type Required? Default value Create Replicate
    isMultiSubnetFailover boolean false false ✅ ⬜️

    Corresponding configuration on UI:

    Index Name
    (1) isMultiSubnetFailover

    general-configuration-multisubnetfailover.png

    Example
        "tenantDatabaseConfiguration": {
            "isMultiSubnetFailover": true
        }
    

    Corresponding configuration on UI:

    database-connection-configuration-1.png

    Database configuration parameters

    Note: The guideline below is intended for the MSSQL database provider. If you are using the MariaDB database provider, skip this section: the loginUserName and loginPassword are generated automatically.

    Name Data type Required? Default value Create Replicate
    schema string false ✅ ⬜️
    server string false localhost ✅ ⬜️
    loginUserName string false false ✅ ⬜️
    loginPassword string false false ✅ ✅
    dbAuthenticationType Enum = {SQLServerAuthentication, WindowsAuthentication} false SQLServerAuthentication ✅ ⬜️
    • When the dbAuthenticationType setting is "SQLServerAuthentication", processing rules for the other optional settings are:

      Index Name Required? Description
      (1) schema false If you leave it empty, it will take the value of tenantConfiguration.tenantId
      (2) server false If you leave it empty, it will take the value of configuratorInformation.databaseServerName
      (3) dbAuthenticationType true Must be "SQLServerAuthentication" in this case
      (4) loginUserName false A username is generated automatically using the schema name as the prefix
      (5) loginPassword false A random password is generated automatically

      Their respective settings on the UI are:

      tenant-database-configuration.png

      An example of the tenant database configuration using SQL database authentication is:

      "tenantDatabaseConfiguration": {
          "isMultiSubnetFailover": true,
          "databaseConfiguration": {
              "server": "WIN-EC1LAPCPS79\\MSSQLSERVERSW",
              "schema": "identifytenant",
              "dbAuthenticationType": "SQLServerAuthentication"
          }
      }
      

      The respective configuration on the UI is:

      database-connection-configuration-2.png

    • When the dbAuthenticationType setting is "WindowsAuthentication", processing rules for the other optional settings are:

      Index Name Required? Description
      (1) schema false If you leave it empty, it will take the value of tenantConfiguration.tenantId
      (2) server false If you leave it empty, it will take the value of configuratorInformation.databaseServerName
      (3) dbAuthenticationType true Must be "WindowsAuthentication" in this case
      (4) loginUserName false Specify the username for the selected database server. For domain users, it should be in the format "domain\\user". If the user’s login credentials do not exist in the database, they will be added automatically.
      (5) loginPassword true Enter the password of the above user.

      database-connection-configuration-3.png

      An example of the tenant database configuration using Windows authentication is:

      "tenantDatabaseConfiguration": {
          "databaseConfiguration": {
              "server": "WIN-EC1LAPCPS79\\MSSQLSERVERSW",
              "schema": "identifytenant",
              "loginUserName": "WIN-EC1LAPCPS79\\anyiduser1",
              "loginPassword": "OhCQd0GRD72LjMUw2pIh",
              "dbAuthenticationType": "WindowsAuthentication"
          }
      }
      

      The respective configuration on the UI is:

      database-connection-configuration-3-1.png

    Audit configuration parameters

    Name Data type Required? Default value Create Replicate
    providerType Enum = {(SQLDatabase or MariaDb), MongoDb, CosmosDb} true SQLDatabase or MariaDB ✅ ⬜️
    host string false ✅ ⬜️
    loginName string false ✅ ⬜️
    password string false ✅ ⬜️
    port number false 1433 ✅ ⬜️
    connectionTimeout number false 60 ✅ ⬜️
    cosmosDBMaxIdleTime number false 120000 ✅ ⬜️
    • When the providerType setting is "SQLDatabase", processing rules for the other optional settings are:

      Index Name Required? Description
      (1) providerType true Must be "SQLDatabase" in this case
      (2) host false You don't need to specify a value for it. The default value is always taken from databaseConfiguration.server of the tenant database configuration
      (3) loginName false You don't need to specify a value for it. The default value is always taken from databaseConfiguration.loginUserName of the tenant database configuration
      (4) password false You don't need to specify a value for it. The default value is always taken from databaseConfiguration.loginPassword of the tenant database configuration
      (5) port false You can specify a value for it or leave it empty. The default value is 1433
      (6) connectionTimeout false You can specify a value for it or leave it empty. The default value is 60 seconds

      tenant-audit-database-configuration.png

      An example of the configuration section using SQL database is:

      "tenantDatabaseConfiguration": {
          "auditConfiguration": {
              "providerType": "SQLDatabase",
              "port": 1433,
              "connectionTimeout": 60
          }
      }
      
    • When the providerType setting is "MongoDb", processing rules for the other optional settings are:

      Index Name Required? Description
      (1) providerType true Must be "MongoDb" in this case
      (2) host false You don't need to specify a value for it. The default value is always taken from databaseConfiguration.server of the tenant database configuration
      (3) loginName false Specify the username for the selected database server. For domain users, it should be in the format domain\\user. If the user’s login credentials do not exist in the database, they will be added automatically. If you leave it empty, the default value will be taken from databaseConfiguration.loginUserName of the tenant database configuration
      (4) password false Enter the password of the above user. If you leave it empty, the default value will be taken from databaseConfiguration.loginPassword of the tenant database configuration
      (5) port false You can specify a value for it or leave it empty. The default value is 27017
      (6) connectionTimeout false You can specify a value for it or leave it empty. The default value is 60 seconds

      tenant-audit-database-configuration.png

      An example of the audit log configuration using a MongoDb database is:

      "tenantDatabaseConfiguration": {
          "auditConfiguration": {
              "providerType": "MongoDb",
              "host": "safewhere.mongo.cosmos.azure.com",
              "loginName": "safewhereuser",
              "password": "pasword_of_safewhereuser",
              "port": 27017,
              "connectionTimeout": 60
          }
      }
      
    • When the providerType setting is "CosmosDb", processing rules for the other optional settings are:

      Index Name Required? Description
      (1) providerType true Must be "CosmosDb" in this case
      (2) host true Specify the HOST of an Azure Cosmos DB account
      (3) loginName true Specify the USERNAME of Azure Cosmos DB account
      (4) password true Specify the PRIMARY PASSWORD or SECONDARY PASSWORD of the account
      (5) port false You can specify a value for it or leave it empty. The default value is 10255
      (6) cosmosDBMaxIdleTime false You can specify a value for it or leave it empty. The default value is 120000 seconds

      tenant-audit-database-configuration.png

      To use CosmosDB, you must create a CosmosDB account on the Azure portal. Navigate to the Connection String tab to get the required information for the Identify Configurator.

      tenant-audit-database-configuration-cosmosdb-azure.png

      An example of the audit log configuration using a Cosmos database is:

      "tenantDatabaseConfiguration": {
          "auditConfiguration": {
              "providerType": "CosmosDb",
              "host": "dqtcosmosdb.mongo.cosmos.azure.com",
              "loginName": "dqtcosmosdb",
              "password": "BVasdsaw123123masgeaasdAdCsYcvdT6LH0Q==",
              "port": 3306,
              "cosmosDBMaxIdleTime": 60
          }
      }
      
    • When the providerType setting is "MariaDb", processing rules for the other optional settings are:

      Index Name Required? Description
      (1) providerType true Must be "MariaDb" in this case
      (2) host false You don't need to specify a value for it. The default value is always taken from databaseConfiguration.server of the tenant database configuration
      (3) loginName false You don't need to specify a value for it. The default value is always taken from databaseConfiguration.loginUserName of the tenant database configuration
      (4) password false You don't need to specify a value for it. The default value is always taken from databaseConfiguration.loginPassword of the tenant database configuration
      (5) port false You can specify a value for it or leave it empty. The default value is 3306
      (6) connectionTimeout false You can specify a value for it or leave it empty. The default value is 60 seconds

      tenant-audit-database-configuration-mariadb.png

      An example of the audit log configuration using a MariaDb database is:

      "tenantDatabaseConfiguration": {
          "auditConfiguration": {
              "providerType": "MariaDb",
              "port": 3306,
              "connectionTimeout": 60
          }
      }
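The fallback rules from the database and audit tables above, written out as an added Python example (not part of the Identify Configurator or its documentation). It resolves an incomplete template and lists missing required values, which also makes visible when the audit store ends up sharing the tenant database's login. Assumptions: every "default taken from" rule is applied only when the audit value is empty, an empty providerType follows databaseProvider, and GENERATED is a marker invented here for values the Configurator generates itself.

```python
import copy

# Default audit port per providerType, from the processing-rule tables above.
AUDIT_DEFAULT_PORT = {"SQLDatabase": 1433, "MongoDb": 27017, "CosmosDb": 10255, "MariaDb": 3306}
# Marker (assumption of this example) for values the Configurator generates itself.
GENERATED = "<generated by Configurator>"


def resolve_tenant_database(config):
    """Return (resolved tenantDatabaseConfiguration, problems) for a Create template."""
    info = config.get("configuratorInformation", {})
    tenant = config.get("tenantConfiguration", {})
    tdb = copy.deepcopy(config.get("tenantDatabaseConfiguration", {}))
    problems = []

    db = tdb.setdefault("databaseConfiguration", {})
    auth = db.get("dbAuthenticationType") or "SQLServerAuthentication"
    db["dbAuthenticationType"] = auth
    # Empty schema falls back to tenantId, empty server to databaseServerName.
    db["schema"] = db.get("schema") or tenant.get("tenantId", "")
    db["server"] = db.get("server") or info.get("databaseServerName") or "localhost"
    if auth == "SQLServerAuthentication":
        # Username and password are generated when left empty.
        db["loginUserName"] = db.get("loginUserName") or GENERATED
        db["loginPassword"] = db.get("loginPassword") or GENERATED
    elif auth == "WindowsAuthentication":
        if not db.get("loginPassword"):
            problems.append("databaseConfiguration.loginPassword is required with WindowsAuthentication")
    else:
        problems.append("unknown dbAuthenticationType: %r" % auth)

    audit = tdb.setdefault("auditConfiguration", {})
    provider = audit.get("providerType")
    if not provider:
        # Assumed reading of the "SQLDatabase or MariaDB" default: follow databaseProvider.
        provider = "MariaDb" if info.get("databaseProvider") == "MariaDB" else "SQLDatabase"
    audit["providerType"] = provider
    if provider not in AUDIT_DEFAULT_PORT:
        problems.append("unknown auditConfiguration.providerType: %r" % provider)
        return tdb, problems

    if provider == "CosmosDb":
        # CosmosDb is the only provider whose host, loginName and password are required.
        for key in ("host", "loginName", "password"):
            if not audit.get(key):
                problems.append("auditConfiguration.%s is required with CosmosDb" % key)
        audit["cosmosDBMaxIdleTime"] = audit.get("cosmosDBMaxIdleTime") or 120000
    else:
        # Empty audit connection fields inherit from databaseConfiguration.
        inherit = {"host": "server", "loginName": "loginUserName", "password": "loginPassword"}
        for key, source in inherit.items():
            audit[key] = audit.get(key) or db.get(source, "")
        audit["connectionTimeout"] = audit.get("connectionTimeout") or 60
    audit["port"] = audit.get("port") or AUDIT_DEFAULT_PORT[provider]
    return tdb, problems


# Constructed sample template; names and values are illustrative only.
SAMPLE = {
    "configuratorInformation": {"databaseProvider": "MSSQL", "databaseServerName": "SQLHOST01\\INSTANCE"},
    "tenantConfiguration": {"tenantId": "identifytenant"},
    "tenantDatabaseConfiguration": {
        "databaseConfiguration": {"dbAuthenticationType": "SQLServerAuthentication"},
        "auditConfiguration": {"providerType": "MongoDb", "loginName": "audituser", "password": "example-only"},
    },
}

if __name__ == "__main__":
    import json
    resolved, problems = resolve_tenant_database(SAMPLE)
    print(json.dumps(resolved, indent=2))
    print(problems)
```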
      

    Session state configuration parameters

    Name Data type Required? Default value Create Replicate
    sessionStateMode Enum = [InProc, SQLServer or Custom] false InProc ✅ ⬜️
    timeOut number false 60 ✅ ⬜️

    Note: When using the MSSQL database provider, you have two options to configure session state: InProc and SQLServer. When using the MariaDB database provider, you have two options to configure session state: InProc and Custom.

    Corresponding configuration on UI:

    Index Name
    (1) sessionStateMode
    (2) timeOut

    tenant-session-state-configuration.png

    Example
    • Input value InProc for sessionStateMode:

      "tenantDatabaseConfiguration": {
          "sessionStateConfiguration": {
              "sessionStateMode": "InProc",
              "timeOut": 60
          }
      }
      

      Corresponding configuration on UI:

      database-connection-configuration-5.png

    • Input value SQLServer for sessionStateMode:

      "tenantDatabaseConfiguration": {
          "sessionStateConfiguration": {
              "sessionStateMode": "SQLServer",
              "timeOut": 60
          }
      }
      

      Corresponding configuration on UI:

      database-connection-configuration-6.png

    • Input value Custom for sessionStateMode when using MariaDB database provider:

      "tenantDatabaseConfiguration": {
          "sessionStateConfiguration": {
              "sessionStateMode": "Custom",
              "timeOut": 60
          }
      }
      

      Corresponding configuration on UI:

      configure-session-state-mode-mariadb.png

    Instance's IIS configuration

    JSON template:

    "tenantIISConfiguration": {
            "generateDefaultValues": true,
            "serverIpAddress": "127.0.0.1",
            "port": 443,
            "domainName": "",
            "siteName": "",
            "sitePool": "",
            "adminPool": "",
            "runtimePool": "",
            "servicePool": "",
            "bindCertificate": true,
            "requireServerNameIndication": false,
            "useHttpSecurityHeaders": true,
            "identifySecuritySettingsXMLConfiguration": "",
            "safewhereAdminSecuritySettingsXMLConfiguration": ""
        }
    

    Parameters:

    Name Data type Required? Default value Create Replicate
    generateDefaultValues boolean false true ✅ ⬜️
    serverIpAddress string false 127.0.0.1 ✅ ⬜️
    port number value 443 ✅ ⬜️
    domainName string true ✅ ⬜️
    siteName string true ✅ ⬜️
    sitePool string true ✅ ⬜️
    adminPool string true ✅ ⬜️
    runtimePool string true ✅ ⬜️
    servicePool string true ✅ ⬜️
    bindCertificate boolean false true ✅ ⬜️
    requireServerNameIndication boolean false false ✅ ⬜️
    useHttpSecurityHeaders boolean false true ✅ ⬜️
    identifySecuritySettingsXMLConfiguration string false true ✅ ⬜️
    safewhereAdminSecuritySettingsXMLConfiguration string false true ✅ ⬜️

    Corresponding configuration on UIs:

    Index Name
    (1) generateDefaultValues

    tenant-iis-configuration-generate-default-value.png

    Index Name
    (1) serverIpAddress
    (2) port
    (3) domainName
    (4) bindCertificate
    (5) requireServerNameIndication
    (6) siteName
    (7) sitePool
    (8) adminPool
    (9) runtimePool
    (10) servicePool

    tenant-iis-configuration.png

    Index Name
    (1) useHttpSecurityHeaders
    (2) identifySecuritySettingsXMLConfiguration
    (3) safewhereAdminSecuritySettingsXMLConfiguration

    tenant-iis-configuration-security-headers.pn

    Example

    • If generateDefaultValues is true, some settings are generated automatically from tenantId (domainName, siteName, sitePool, adminPool, runtimePool, servicePool), and bindCertificate and requireServerNameIndication default to true:

      "tenantIISConfiguration": {
              "generateDefaultValues": true,
              "serverIpAddress": "127.0.0.1",
              "port": 443
          }
      

      Corresponding configuration on UI:

      iis-configuration-1.png

    • If generateDefaultValues is false, you need to specify values for IIS settings:

      "tenantIISConfiguration": {
              "serverIpAddress": "127.0.0.1",
              "port": 443,
              "domainName": "identifytenantcustom.safewhere.local",
              "siteName": "identifytenant sitename",
              "sitePool": "AppPool identifytenant",
              "adminPool": "Admin AppPool identifytenant",
              "runtimePool": "Runtime AppPool identifytenant",
              "servicePool": "Service AppPool identifytenant",
              "bindCertificate": true,
              "requireServerNameIndication": true
          }
      

      Corresponding configuration on UI:

      iis-configuration-2.png

    • Set useHttpSecurityHeaders to true if you want to use the recommended security headers:

      "tenantIISConfiguration": {
              "useHttpSecurityHeaders": true,
              "identifySecuritySettingsXMLConfiguration": "",
              "safewhereAdminSecuritySettingsXMLConfiguration": ""
          }
      
      • The value of the identifySecuritySettingsXMLConfiguration property is a <system.webServer> XML block in Base64-encoded format. If you leave it empty, the default value will be used.

      • The value of the safewhereAdminSecuritySettingsXMLConfiguration property is a <system.webServer> XML block in Base64-encoded format. If you leave it empty, the default value will be used.

      Corresponding configuration on UI:

      iis-configuration-3.png

      XML configuration for identifySecuritySettingsXMLConfiguration:

      iis-configuration-5.png

      XML configuration for safewhereAdminSecuritySettingsXMLConfiguration:

      iis-configuration-6.png

    • Otherwise, set useHttpSecurityHeaders to false:

      "tenantIISConfiguration": {
              "useHttpSecurityHeaders": false
          }
      

      Corresponding configuration on UI:

      iis-configuration-4.png
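Producing and reviewing the Base64 value expected by identifySecuritySettingsXMLConfiguration and safewhereAdminSecuritySettingsXMLConfiguration, as an added Python example (not the Configurator's own code). The sample XML and its header choices are constructed here and are not the product's default block; UTF-8 as the character encoding is an assumption, since the page does not state one.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample <system.webServer> block; header choices are illustrative
# and are not the Configurator's built-in default.
SAMPLE_XML = """<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="X-Content-Type-Options" value="nosniff" />
      <add name="X-Frame-Options" value="DENY" />
      <add name="Strict-Transport-Security" value="max-age=31536000" />
    </customHeaders>
  </httpProtocol>
</system.webServer>"""


def _parse_web_server_block(xml_text):
    """Parse xml_text and insist that its root element is <system.webServer>."""
    root = ET.fromstring(xml_text)  # raises ET.ParseError on malformed XML
    if root.tag != "system.webServer":
        raise ValueError("root element must be <system.webServer>, got <%s>" % root.tag)
    return root


def encode_security_settings(xml_text):
    """Validate the block, then return the Base64 string to place in the template."""
    _parse_web_server_block(xml_text)
    # UTF-8 is an assumption; the page does not state the expected encoding.
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def decode_security_settings(value):
    """Decode a configured value and return its custom headers as {name: value}.

    Returns None for an empty value, which means the default block is used.
    """
    if not value:
        return None
    xml_text = base64.b64decode(value, validate=True).decode("utf-8")
    root = _parse_web_server_block(xml_text)
    return {add.get("name"): add.get("value")
            for add in root.findall("./httpProtocol/customHeaders/add")}


if __name__ == "__main__":
    encoded = encode_security_settings(SAMPLE_XML)
    print(encoded)
    print(decode_security_settings(encoded))
```

Decoding the value already present in a template before running Create shows which headers a tenant will actually receive, since the encoded string cannot be reviewed by eye.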

    Instance's certificates configuration

    JSON template:

    "tenantCertificateConfiguration": {
            "sslCertificateConfiguration": {
                "certificateSetupType": "UseDefaultCertificate",
                "sslDomainName": "safewhere.local",
                "filePath": "",
                "password": "",
                "certificateThumbprintInStore": ""
            },
            "signingCertificateConfiguration": {
                "certificateSetupType": "UseDefaultCertificate",
                "filePath": "",
                "password": "",
                "certificateThumbprintInStore": "",
                "keyVaultMode": "Certificate",
                "azureTenantId": "",
                "applicationClientId": "",
                "applicationClientSecret": "",
                "azureKeyVaultUrl": "",
                "certificateName": "",
                "keyName": "",
                "base64Certificate": ""
            },
            "pathToTrustedRootCertificateToImport": ""
        }
    

    Trusted Root CA certificate configuration

    Parameters:

    Name Data type Required? Default value Create Replicate
    pathToTrustedRootCertificateToImport string false ✅ ⬜️

    Corresponding configuration on UI:

    Index Name
    (1) pathToTrustedRootCertificateToImport

    tenant-ca-certifcates-configuration.png

    Example

    Input value for pathToTrustedRootCertificateToImport:

    "tenantCertificateConfiguration": {
            "pathToTrustedRootCertificateToImport": "C:\\Program Files\\Safewhere\\Identify\\Certificates\\SafewhereCA.cer"
    }
    

    Corresponding configuration on UI:

    certificate-configuration-9.png

    SSL certificate configuration parameters

    Name Data type Required? Default value Create Replicate
    certificateSetupType Enum = {UseDefaultCertificate, UseAutoGeneratedCertificate, ImportFromFile, SelectFromServerCertificateStore} false UseDefaultCertificate ✅ ⬜️
    sslDomainName string false "safewhere.local" ✅ ⬜️
    filePath string false ✅ ⬜️
    password string false ✅ ⬜️
    certificateThumbprintInStore string false ✅ ⬜️

    Corresponding configuration on UI:

    Index Name
    (1.1) certificateSetupType = UseDefaultCertificate
    (1.2) certificateSetupType = UseAutoGeneratedCertificate
    (1.3) certificateSetupType = ImportFromFile
    (1.4) certificateSetupType = SelectFromServerCertificateStore
    (2) sslDomainName
    (3) filePath
    (4) password
    (5) certificateThumbprintInStore

    tenant-ssl-certifcate-configuration.png

    Example
    • If certificateSetupType = UseDefaultCertificate, you don't need to input values for other settings:

      "tenantCertificateConfiguration": {
              "sslCertificateConfiguration": {
                  "certificateSetupType": "UseDefaultCertificate"
              }
          }
      

      Corresponding configuration on UI:

      certificate-configuration-1.png

    • If certificateSetupType = UseAutoGeneratedCertificate, you need to input value for sslDomainName:

          "tenantCertificateConfiguration": {
                  "sslCertificateConfiguration": {
                      "certificateSetupType": "UseAutoGeneratedCertificate",
                      "sslDomainName": "anyid.eu"
                  }
              }
      

      Corresponding configuration on UI:

      certificate-configuration-2.png

    • If certificateSetupType = ImportFromFile, you need to input values for filePath and password:

      "tenantCertificateConfiguration": {
              "sslCertificateConfiguration": {
                  "certificateSetupType": "ImportFromFile",
                  "filePath": "C:\\Program Files\\Safewhere\\Identify\\Certificates\\safewhere.local.pfx",
                  "password": "Test1234"
              }
          }
      

      Corresponding configuration on UI:

      certificate-configuration-3.png

    • If certificateSetupType = SelectFromServerCertificateStore, you need to input values for certificateThumbprintInStore:

      "tenantCertificateConfiguration": {
              "sslCertificateConfiguration": {
                  "certificateSetupType": "SelectFromServerCertificateStore",
                  "certificateThumbprintInStore": "3C1FD735A4035E3B78D33444DE5327C393AA282E"
              }
          }
      

      Corresponding configuration on UI:

      certificate-configuration-4.png

    Signing certificate configuration parameters

    Name Data type Required? Default value Create Replicate
    certificateSetupType Enum = {UseDefaultCertificate, UseAutoGeneratedCertificate, ImportFromFile, SelectFromServerCertificateStore, UseAzureKeyVault} false UseDefaultCertificate ✅ ⬜️
    filePath string false ✅ ⬜️
    password string false ✅ ⬜️
    certificateThumbprintInStore string false ✅ ⬜️
    keyVaultMode Enum = {Certificate, Key} false Certificate ✅ ⬜️
    azureTenantId string false ✅ ⬜️
    applicationClientId string false ✅ ⬜️
    applicationClientSecret string false ✅ ⬜️
    azureKeyVaultUrl string false ✅ ⬜️
    certificateName string false ✅ ⬜️
    keyName string false ✅ ⬜️
    base64Certificate string false ✅ ⬜️
    useManagedIdentity boolean false ✅ ⬜️

    Corresponding configuration on UI:

    Index Name
    (1.1) certificateSetupType = UseDefaultCertificate
    (1.2) certificateSetupType = UseAutoGeneratedCertificate
    (1.3) certificateSetupType = ImportFromFile
    (1.4) certificateSetupType = SelectFromServerCertificateStore
    (1.5) certificateSetupType = UseAzureKeyVault
    (2) filePath
    (3) password
    (4) certificateThumbprintInStore
    (5.1) keyVaultMode = Certificate
    (5.2) keyVaultMode = Key
    (6) azureTenantId
    (7) applicationClientId
    (8) applicationClientSecret
    (9) azureKeyVaultUrl
    (10) certificateName
    (11) keyName
    (12) base64Certificate
    (13) useManagedIdentity

    tenant-signing-certifcates-configuration.png

    azure-key-vault-configuration-certificate.png

    azure-key-vault-configuration-key.png

    Example
    • If certificateSetupType = UseDefaultCertificate, you don't need to input values for other settings:

      "tenantCertificateConfiguration": {
              "signingCertificateConfiguration": {
                  "certificateSetupType": "UseDefaultCertificate"
              }
          }
      

      Corresponding configuration on UI:

      certificate-configuration-5.png

    • If certificateSetupType = UseAutoGeneratedCertificate, you don't need to input values for other settings:

      "tenantCertificateConfiguration": {
              "signingCertificateConfiguration": {
                  "certificateSetupType": "UseAutoGeneratedCertificate"
              }
          }
      

      Corresponding configuration on UI:

      certificate-configuration-6.png

    • If certificateSetupType = ImportFromFile, you need to input values for filePath and password:

      "tenantCertificateConfiguration": {
              "signingCertificateConfiguration": {
                  "certificateSetupType": "ImportFromFile",
                  "filePath": "C:\\Program Files\\Safewhere\\Identify\\Certificates\\IdentifyDefaultSigning.pfx",
                  "password": "Test1234"
              }
          }
      

      Corresponding configuration on UI:

      certificate-configuration-7.png

    • If certificateSetupType = SelectFromServerCertificateStore, you need to input values for certificateThumbprintInStore:

      "tenantCertificateConfiguration": {
              "signingCertificateConfiguration": {
                  "certificateSetupType": "SelectFromServerCertificateStore",
                  "certificateThumbprintInStore": "3C1FD735A4035E3B78D33444DE5327C393AA282E"
              }
          }
      

      Corresponding configuration on UI:

      certificate-configuration-8.png

    • If certificateSetupType = UseAzureKeyVault and keyVaultMode = Certificate, you need to input values for azureTenantId, applicationClientId, applicationClientSecret, azureKeyVaultUrl and azureKeyVaultKeyName:

      "tenantCertificateConfiguration": {
              "signingCertificateConfiguration": {
                  "certificateSetupType": "UseAzureKeyVault",
                  "keyVaultMode": "Certificate",
                  "azureTenantId": "123456-5678-6545-88fd-f40123456123",
                  "applicationClientId": "333333-210c-4907-9999-1142138f0391",
                  "applicationClientSecret": "ft_1ap8r-skgktoef1-Yk-x~zs.ssdasw123df",
                  "azureKeyVaultUrl": "https://safewheredqt.vault.azure.net/",
                  "certificateName": "SafewhereCertificate"
              }
          }
      

      Corresponding configuration on UI:

      create-instance-configure-select-azurekeyvault.png

      create-instance-configure-certificate-using-azurekeyvault-certificate.png

    • If certificateSetupType = UseAzureKeyVault and keyVaultMode = Key, you need to input values for azureTenantId, applicationClientId, applicationClientSecret, azureKeyVaultUrl, azureKeyVaultKeyName and base64Certificate:

      "tenantCertificateConfiguration": {
              "signingCertificateConfiguration": {
                  "certificateSetupType": "UseAzureKeyVault",
                  "keyVaultMode": "Key",
                  "azureTenantId": "123456-5678-6545-88fd-f40123456123",
                  "applicationClientId": "333333-210c-4907-9999-1142138f0391",
                  "applicationClientSecret": "ft_1ap8r-skgktoef1-Yk-x~zs.ssdasw123df",
                  "azureKeyVaultUrl": "https://safewheredqt.vault.azure.net/",
                  "keyName": "SafewhereCertificate",
                  "base64Certificate": "<Base64-encoded certificate>"
              }
          }
      

      Corresponding configuration on UI:

      configurator-cli/create-instance-configure-select-azurekeyvault.png

      create-instance-configure-certificate-using-azurekeyvault-key.png
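The per-certificateSetupType requirements from the SSL and signing certificate examples above, collected into a pre-flight check as an added Python example (not the Configurator's own validation). The Key Vault field names follow the JSON examples (certificateName, keyName); the 40-hex-character thumbprint check is modelled on the page's sample thumbprint and is an assumption; useManagedIdentity is listed in the parameter table without rules, so it is not modelled.

```python
import re

# Settings each certificateSetupType needs, taken from the examples above.
COMMON = {
    "UseDefaultCertificate": (),
    "UseAutoGeneratedCertificate": (),
    "ImportFromFile": ("filePath", "password"),
    "SelectFromServerCertificateStore": ("certificateThumbprintInStore",),
}
# For the SSL certificate, UseAutoGeneratedCertificate also needs sslDomainName.
SSL_REQUIRED = dict(COMMON, UseAutoGeneratedCertificate=("sslDomainName",))
KEY_VAULT_BASE = ("azureTenantId", "applicationClientId",
                  "applicationClientSecret", "azureKeyVaultUrl")
KEY_VAULT_BY_MODE = {
    "Certificate": KEY_VAULT_BASE + ("certificateName",),
    "Key": KEY_VAULT_BASE + ("keyName", "base64Certificate"),
}
# Assumed thumbprint format: 40 hex characters, no spaces or hidden characters.
THUMBPRINT = re.compile(r"[0-9A-Fa-f]{40}")


def check_certificate_section(section, kind):
    """Return problems for one certificate object; kind is "ssl" or "signing"."""
    setup = section.get("certificateSetupType") or "UseDefaultCertificate"
    if kind == "signing" and setup == "UseAzureKeyVault":
        mode = section.get("keyVaultMode") or "Certificate"
        required = KEY_VAULT_BY_MODE.get(mode)
        if required is None:
            return ["unknown keyVaultMode: %r" % mode]
    else:
        required = (SSL_REQUIRED if kind == "ssl" else COMMON).get(setup)
        if required is None:
            return ["certificateSetupType %r is not valid for the %s certificate" % (setup, kind)]
    problems = ["%s requires %s" % (setup, name) for name in required if not section.get(name)]
    thumb = section.get("certificateThumbprintInStore")
    if setup == "SelectFromServerCertificateStore" and thumb and not THUMBPRINT.fullmatch(thumb):
        # Catches spaces or invisible characters pasted along with the thumbprint.
        problems.append("certificateThumbprintInStore must be 40 hex characters")
    return problems


def check_certificates(config):
    """Check both certificate objects under tenantCertificateConfiguration."""
    certs = config.get("tenantCertificateConfiguration", {})
    problems = []
    for key, kind in (("sslCertificateConfiguration", "ssl"),
                      ("signingCertificateConfiguration", "signing")):
        for problem in check_certificate_section(certs.get(key, {}), kind):
            problems.append("%s: %s" % (key, problem))
    return problems


# Constructed sample with two omissions; identifiers are placeholders.
SAMPLE_CERTS = {
    "tenantCertificateConfiguration": {
        "sslCertificateConfiguration": {"certificateSetupType": "UseAutoGeneratedCertificate"},
        "signingCertificateConfiguration": {
            "certificateSetupType": "UseAzureKeyVault",
            "keyVaultMode": "Key",
            "azureTenantId": "<tenant-id>",
            "applicationClientId": "<client-id>",
            "applicationClientSecret": "<client-secret>",
            "azureKeyVaultUrl": "https://example.vault.azure.net/",
            "keyName": "ExampleKey",
        },
    }
}

if __name__ == "__main__":
    for line in check_certificates(SAMPLE_CERTS):
        print(line)
```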
