Register Service Principal for MySQL server

Ravindra Pawar 21 Reputation points
2020-11-10T10:59:48.763+00:00

Hi,

I am trying to set up data encryption for our Azure Database for MySQL server as per this link https://video2.skills-academy.com/en-us/azure/mysql/howto-data-encryption-portal

I have created the Key Vault.
38717-keyvault.png

While adding an access policy to the Key Vault, I can't find the name of our MySQL server under "Select Principal".
38698-selectprincipal.png

It is not prompting to register a service principal.

How do I register a service principal for the Azure MySQL server?

Please help with configuration steps or documentation link if any.

Also, I cannot see the "Data encryption" navigation option under "Security" for our Azure Database for MySQL.
38718-missingdataencryption.png

Are we missing anything here?

Thanks,
Ravindra

Azure Database for MySQL
An Azure managed MySQL database service for app development and deployment.

1 answer

  1. Saurabh Sharma 23,816 Reputation points Microsoft Employee
    2020-11-12T03:26:40.29+00:00

    @Ravindra Pawar Advanced Protection and Data Encryption features are available for the General Purpose and Memory Optimized pricing tiers. I believe you are using the Basic tier of Azure Database for MySQL, and thus you are not able to see Advanced Threat Protection and Data Encryption on the Azure portal under the Security section.

    Now, in order to create a Service Principal, you first have to try to enable "Data Encryption" for Azure Database for MySQL on the Azure portal, which will fail when you try to Save on the blade. You will receive an error message like the one below in the portal notification area (top right):
    The server '<Mysql Server Name>' requires following Azure Key Vault permissions: 'Get, WrapKey, UnwrapKey'. Please grant any missing permissions to the service principal with ID 'https://<Key_Vault_Name>.vault.azure.net/keys/demokey/0c93360e8790499cbb421eeda2 (see the screenshot below).
    39176-image.png

    At this time, the Azure portal generates the Service Principal for your MySQL in the background. You can then go to your Azure Key Vault > Access Policy settings to provide the required permissions to your service principal. (see screenshot below)
    39163-image.png

    Please let me know if you have any other questions.

    Reference:

    1. Requirements for configuring data encryption for Azure Database for MySQL

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
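
An added example, not part of the original thread: a Python check that reports whether a service principal holds the Get, WrapKey and UnwrapKey key permissions named in the error above, and flags anything granted beyond them. It assumes a Key Vault document in the shape returned by `az keyvault show`; the vault data and object IDs below are constructed.

```python
# Key permissions named in the portal error quoted in the answer (compared case-insensitively).
REQUIRED = {"get", "wrapkey", "unwrapkey"}

def audit_policy(vault: dict, principal_id: str) -> dict:
    """Compare one principal's Key Vault access policy with REQUIRED."""
    # Assumed layout: properties.accessPolicies[].{objectId, permissions.{keys,...}}
    policies = vault.get("properties", {}).get("accessPolicies") or []
    granted, other, found = set(), set(), False
    for policy in policies:
        if (policy.get("objectId") or "").lower() != principal_id.lower():
            continue
        found = True
        perms = policy.get("permissions") or {}
        granted |= {k.lower() for k in perms.get("keys") or []}
        # Data encryption only needs key permissions; anything else is excess.
        for kind in ("secrets", "certificates", "storage"):
            other |= {f"{kind}:{v.lower()}" for v in perms.get(kind) or []}
    return {
        "found": found,
        "missing": sorted(REQUIRED - granted),
        "excess": sorted((granted - REQUIRED) | other),
        "ok": found and REQUIRED <= granted,
    }

# Constructed object IDs and vault document (not taken from the thread).
SERVER_ID = "11111111-1111-1111-1111-111111111111"
OTHER_ID = "22222222-2222-2222-2222-222222222222"
UNKNOWN_ID = "33333333-3333-3333-3333-333333333333"
SAMPLE_VAULT = {
    "name": "example-vault",
    "properties": {
        "accessPolicies": [
            {"objectId": SERVER_ID,
             "permissions": {"keys": ["Get", "WrapKey", "UnwrapKey"], "secrets": []}},
            {"objectId": OTHER_ID,
             "permissions": {"keys": ["get", "wrapKey", "delete"], "secrets": ["list"]}},
        ]
    },
}

if __name__ == "__main__":
    for label, oid in (("server", SERVER_ID), ("other", OTHER_ID), ("unknown", UNKNOWN_ID)):
        print(label, audit_policy(SAMPLE_VAULT, oid))
```

A principal that reports `found: False` has no access policy in the vault at all, which is the state the question describes before the portal has created the server's service principal.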

