Create an Azure key vault in the Azure portal
All the secrets and certificates that are used in the Electronic invoicing service must be stored in a Microsoft Azure key vault. This approach helps ensure that you don't work directly with the secrets, and that the secrets are securely stored. When you must use digital signing or secure a connection to external web services, set the reference to the Key Vault secrets and certificates instead of using the secrets and certificates directly.
Create a key vault in the tenant where Regulatory Configuration Service (RCS) is installed. For more information, see Create a key vault using the Azure portal.
Next, you must set up the access policy to grant the Electronic invoicing service the correct level of secure access to the secret that you created.
Go to Settings > Access policies, and select Add Access Policy.
In the Secret permissions field, select the Get and List operations.
[
In the Certificate permissions field, select the Get and List operations.
In the Select principal field, select None selected.
In the Principal dialog box, select the principal by adding e-Invoicing Service.
Note
If e-Invoicing Service isn't in the list of principals in your tenant, run the following command in the Azure portal.
New-AzureADServicePrincipal -AppId "ecd93392-c922-4f48-9ddf-10741e4a9b65"Select Add, and then select Save.
On the Overview page, copy the value of the Domain Name System (DNS) name for the key vault. This value will be used during the setup of the service in RCS and will be referred as the Key Vault URI value. For more information about how to set up RCS, see Set up Regulatory Configuration Services (RCS).
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for