Follow our setup guide to configure Azure customer-managed keys.
To set up Azure customer-managed keys for your Fivetran account, you need:
- A Business Critical Fivetran account
- An Azure Key Vault
Authorize vault accesslink
- Log into your Azure portal.
- Click the menu button in the top left corner of your screen, then select Azure Active Directory.
- Find the Tenant ID value and make a note of it.
- In the Fivetran dashboard, enter the Tenant ID you found in the previous step.
- Click Authorize.
- In the pop-up window, authorize the Fivetran Azure app to access your Key Vault.
Create Azure keylink
- In the Azure portal, go to the Key Vaults section.
- Click on the Key Vault that you want to use with Fivetran.
- On the Overview page, find the Vault URI value and make a note of it. You will need it to configure Fivetran.
- In the left menu, go to the Keys page.
- Click + Generate/Import.
- Enter a memorable name for your key (for example, fivetran-cmk).
- Verify that the Key Type is RSA and the RSA key size is
- Click Create.
- Make note of the key’s name. You will need it to configure Fivetran.
Assign key permissionslink
- In the Azure portal, return to the Key Vault.
- In the left menu, go to the Access policies page.
- Check the permission model. How you do this depends on which permissions model you use.
If the permission model is Vault access policy, do the following:
i. Click Add Access Policy.
ii. In the Key permissions field, select the following permissions:
iii. Click Select principal. Search for Fivetran to find the Fivetran Azure app you authorized in Step 1.
iv. Click on the Fivetran Azure app, then click Select.
v. Click Add.
If the permission model is Azure role-based access control, do the following:
i. Go to Keys.
ii. Click on your newly-created key.
iii. Go to Access control (IAM).
iv. In the Grant access to this resource section, click Add role assignment (Preview).
NOTE: If the Add role assignment (Preview) field is grayed out, you do not have appropriate permissions to assign roles in this Key Vault. Contact your Azure account administrator for help.
v. Select Key Vault Crypto User as the role.
vi. Click Next.
vii. In the Assign access to section, select User, group, or service principal.
viii. Click Select members.
ix. Search for Fivetran to find the Fivetran Azure app you authorized in Step 1.
x. Click on the Fivetran Azure app, then click Select.
xi. Click Next.
xii. Review the role, scope and members. Make sure that Fivetran is assigned as part of the role.
xiii. Click Review + assign.