1. To-Increase Dynamics 365 for Finance & Operations
  2. EDI studio
  3. Flows

Set up AS2 Key Vault
Activity Flow

When you use the AS2 web app, you need a key vault to set up the secrets and certificates that are required to run the AS2 web app.

Administrator Administrator Start Start Create key vault and generate certificates and secrets Create key vault and generate certificates and secrets When you use the AS2 web app, you need a key vault to set up the secrets and certificates that are required to run the AS2 web app. Create a key vault and generate these certificates and secrets in the key vault: Certificate/Secret Description Certificate for the AS2 web app This certificate is used by the AS2 web app in the: Outbound process to sign the data that is sent to the EDI partner. Inbound process to decrypt the received data. Download the certificate in CER format. The downloaded CER file contains the public key of the certificate. Send the CER file to the EDI partner. So, the EDI partner can use this key to: Encrypt the data that is sent by the EDI partner to the AS2 web app. Verify the data that is sent by the AS2 web app to the EDI partner. Public key of your EDI partner, registered as secret This secret (public key) is used by the AS2 web app in the: Outbound process to encrypt the data that is sent to the EDI partner. Inbound process to verify the received data. Note: You receive this public key from your EDI partner in a CER file. Open the CER file with a text editor and copy the file content to Secret value field of the secret. Access key of Azure storage account, registered as secret In the AS2 inbound process, this secret is used by the AS2 web app to access the general storage location to store EDI message files. Note: Usually, the general storage location is defined by an Azure Storage account. Copy the Storage account access key to the Secret value field of the secret. Usually, key1 is used. For more information, refer to: Quickstart: Create a key vault using the Azure portal Quickstart: Set and retrieve a certificate from Azure Key Vault using the Azure portal About Azure Key Vault secrets Allow registered app to access Key Vault Allow registered app to access Key Vault For the created key vault, set up an access policy to allow the earlier registered app to access the key vault. On creation of the access policy: On permission selection, select these Secret permissions: Get and List. On principal selection, select the earlier registered app. For more information, refer to Assign a Key Vault access policy. Notes In your AS2 setup, you can use several app registrations and several key vaults. If you, in this case, use one app configuration, make sure that each used app registration has access to each used key vault. End End

Activities

Name Responsible Description

Create key vault and generate certificates and secrets

Administrator

When you use the AS2 web app, you need a key vault to set up the secrets and certificates that are required to run the AS2 web app.

Create a key vault and generate these certificates and secrets in the key vault:

Certificate/Secret Description
Certificate for the AS2 web app

This certificate is used by the AS2 web app in the:

  • Outbound process to sign the data that is sent to the EDI partner.
  • Inbound process to decrypt the received data.

Download the certificate in CER format. The downloaded CER file contains the public key of the certificate. Send the CER file to the EDI partner. So, the EDI partner can use this key to:

  • Encrypt the data that is sent by the EDI partner to the AS2 web app.
  • Verify the data that is sent by the AS2 web app to the EDI partner.
Public key of your EDI partner, registered as secret

This secret (public key) is used by the AS2 web app in the:

  • Outbound process to encrypt the data that is sent to the EDI partner.
  • Inbound process to verify the received data.

Note: You receive this public key from your EDI partner in a CER file. Open the CER file with a text editor and copy the file content to Secret value field of the secret.
Access key of Azure storage account, registered as secret

In the AS2 inbound process, this secret is used by the AS2 web app to access the general storage location to store EDI message files.

Note: Usually, the general storage location is defined by an Azure Storage account. Copy the Storage account access key to the Secret value field of the secret. Usually, key1 is used.

For more information, refer to:

Allow registered app to access Key Vault

Administrator

For the created key vault, set up an access policy to allow the earlier registered app to access the key vault.

On creation of the access policy:

  • On permission selection, select these Secret permissions: Get and List.
  • On principal selection, select the earlier registered app.

For more information, refer to Assign a Key Vault access policy.

Activities

Name Responsible Description

Create key vault and generate certificates and secrets

Administrator

When you use the AS2 web app, you need a key vault to set up the secrets and certificates that are required to run the AS2 web app.

Create a key vault and generate these certificates and secrets in the key vault:

Certificate/Secret Description
Certificate for the AS2 web app

This certificate is used by the AS2 web app in the:

  • Outbound process to sign the data that is sent to the EDI partner.
  • Inbound process to decrypt the received data.

Download the certificate in CER format. The downloaded CER file contains the public key of the certificate. Send the CER file to the EDI partner. So, the EDI partner can use this key to:

  • Encrypt the data that is sent by the EDI partner to the AS2 web app.
  • Verify the data that is sent by the AS2 web app to the EDI partner.
Public key of your EDI partner, registered as secret

This secret (public key) is used by the AS2 web app in the:

  • Outbound process to encrypt the data that is sent to the EDI partner.
  • Inbound process to verify the received data.

Note: You receive this public key from your EDI partner in a CER file. Open the CER file with a text editor and copy the file content to Secret value field of the secret.
Access key of Azure storage account, registered as secret

In the AS2 inbound process, this secret is used by the AS2 web app to access the general storage location to store EDI message files.

Note: Usually, the general storage location is defined by an Azure Storage account. Copy the Storage account access key to the Secret value field of the secret. Usually, key1 is used.

For more information, refer to:

Allow registered app to access Key Vault

Administrator

For the created key vault, set up an access policy to allow the earlier registered app to access the key vault.

On creation of the access policy:

  • On permission selection, select these Secret permissions: Get and List.
  • On principal selection, select the earlier registered app.

For more information, refer to Assign a Key Vault access policy.
Related to Notes

Set up AS2 Key Vault

 		 

Provide feedback