PMP Azure Key vault updates

katarzyna-koltun-mx · katarzyna-koltun-mx · commit b358409248dc · 2025-11-20T18:56:27.000+01:00
diff --git a/content/en/docs/private-platform/pmp-quickstart.md b/content/en/docs/private-platform/pmp-quickstart.md
@@ -264,11 +264,21 @@ Svix is required if you want to use webhooks. Install the Svix component by doin
 4. Select **Svix**, and then specify the following parameters:
 
     * **Image** - The Svix image path. The default path is `svix/svix-server:v1.25.0`. If you are using a self-signed TLS certificate, set this path to `{customer-private-image-registry-url}/svix/svix-server:v1.25.tls`.
-    * **Use Secret Provider** - Optional. Select this option to use the AWS Secret Manager. Selecting this option enables the following additional fields:
+    * **Use Secret Provider** - Optional. Select this option to use the AWS Secret Manager or the Azure Key Vault. Selecting this option enables the following additional fields:
 
-        * **Secret Provider** - Set to **AWS** by default.
-        * **AWS-Role-ARN** - An AWS role ARN which can access the specified Secret Manager.
-        * **AWS SecretManager Name** - The AWS Secret Manager name where the sensitive data is stored.
+        * For AWS Secret Manager:
+
+            * **Secret Provider** - Set to **AWS**.
+            * **AWS-Role-ARN** - An AWS role ARN which can access the specified Secret Manager.
+            * **AWS SecretManager Name** - The AWS Secret Manager name where the sensitive data is stored.
+
+        * For Azure Key Vault:
+
+            * **Secret Provider** - Set to **Azure**.
+            * **Client ID** - Enter a Client ID assigned to the Azure Managed Identity which enables Private Mendix Platform to access Azure resources.
+            * **Tenant ID** - Enter the Directory ID of the key vault.
+            * **Key Vault Name** - Enter the key vault name.
+            * **Use identity auth for Blob** - Set to **True** if you use the Azure Blob Storage with managed identity auth; the default value is **false**.
 
     * **POSTGRES_DSN** - Available only if you do not use the AWS Secret Manager. A Postgres DSN, for example, `postgresql://postgres:postgres@pgbouncer/postgres`.
     * **Use Redis** - Optional. Select this check box if you want to use Redis for message cache and queues.
@@ -309,10 +319,21 @@ Install the Private Mendix Platform by doing the following steps:
     * **MxAdminPassword** - Optional. The password for the admin user, required if you are not planning to use the AWS Secret Manager. It must have at least one number, one upper case letter, one lower case letter and one symbol, with a minimum length of 12 characters.
     * **dtapmode** - For production deployments, leave this value set to **P**. For the development of the app, for example acceptance testing, set the value to **D**.
     * **ApplicationRootUrl** - Optional. Manually specify the URL of your Private Mendix Platform, for example, for use with SSO or when sending emails. For more information about this functionality, see [ApplicationRootUrl Needs to be Set Manually](/developerportal/deploy/private-cloud-operator/#applicationrooturl-needs-to-be-set-manually).
-    * **Use Secret Provider** - Optional. Select this option to use the AWS Secret Manager. Selecting this option enables the following additional fields:
-        * **Secret Provider** - Set to **AWS** by default.
-        * **AWS-Role-ARN** - An [AWS role ARN](https://docs.mendix.com/developerportal/deploy/secret-store-credentials/#aws-secrets-manager) which can access the specified Secret Manager.
-        * **AWS SecretManager Name** - The AWS Secret Manager name where the sensitive data is stored.
+    * **Use Secret Provider** - Optional. Select this option to use the AWS Secret Manager or the Azure Key Vault. Selecting this option enables the following additional fields:
+
+        * For AWS Secret Manager:
+
+            * **Secret Provider** - Set to **AWS**.
+            * **AWS-Role-ARN** - An [AWS role ARN](https://docs.mendix.com/developerportal/deploy/secret-store-credentials/#aws-secrets-manager) which can access the specified Secret Manager.
+            * **AWS SecretManager Name** - The AWS Secret Manager name where the sensitive data is stored.
+
+        * For Azure Key Vault:
+
+            * **Secret Provider** - Set to **Azure**.
+            * **Client ID** - Enter a Client ID assigned to the Azure Managed Identity which enables Private Mendix Platform to access Azure resources.
+            * **Tenant ID** - Enter the Directory ID of the key vault.
+            * **Key Vault Name** - Enter the key vault name.
+            * **Use identity auth for Blob** - Set to **True** if you use the Azure Blob Storage with managed identity auth; the default value is **false**.
 
 5. In the **Enabled Functions** section, select or clear the functions that you want to enable or disable:
  
