Home > Manage Encryption Profiles > Preparations
Export to PDFPreparations
The encryption profile requires some properties of a key vault. Before creating an encryption profile, make sure you have a key vault in Azure. If you do not have any key vaults, refer to the instructions in Create a Key Vault in Azure.
Then, perform the following pre-check on the key vault:
-
Log in to the .
-
Navigate to Key vaults.
-
Click the key vault you prepared.
-
Refer to the instructions below based on your scenario:
-
To check Azure RBAC roles assigned on the key vault, follow the steps below:
-
In the Key Vault’s menu, click Access control (IAM).
-
Go to the Role assignments tab.
-
Use the search bar or filter to find the Key Vault Crypto User role.
-
Check the list of users, groups, or service principals assigned with this role.
-
-
To check access policies added on the key vault, follow the steps below:
-
In the Key Vault’s menu, click Access policies.
-
Locate the application that is used for your key vault.
-
In the Key permissions drop-down list, make sure that at least the following operations are selected: Get, Encrypt, and Decrypt.
-
-
-
Navigate to the pane for key vault settings and click Keys.
-
Click a key and click a version of the key.
-
In the Permitted operations section, make sure that at least Encrypt and Decrypt are selected.
-
Copy the key identifier that resides in the Properties section. When you create an encryption profile in AvePoint Online Services, you will need to provide this key identifier.
Apart from the pre-checking above, AvePoint Online Services recommends that you back up the key in case the key is deleted accidentally. If a key has been applied to AvePoint Online Services' encryption profile to encrypt data, and the key is deleted with no backup, the encrypted data will be damaged, and AvePoint Online Services will not work for you smoothly.