Generating a Storage Key URI

Last published : Jun 07, 2026
This section briefly navigates you to create a key vault. For detailed information, refer to Create a key vault using the Azure portal.
To generate the Storage key URI
  1. On the Microsoft Azure portal, select Home>Create a resource>Key Vault.
  2. On the Key Vaults page, in the left navigation pane, underObjects, select** Keys**, and click** Create**.
Note: The Azure Key Vault must be created with** Purge Protection** enabled.
image
  1. Specify the mandatory field details, and click Next.
  2. Click Review + Create to create a Key Vault.
  3. Select this Key Vault and click Keys.
  4. Click Generate/Import to create a key.
  5. On the Create a key page, specify the field details, and clickCreate.
    Note: When creating a key, do not select theSet activation dateandSet expiration datecheck boxes. These fields must remain blank.
    image
The key is created and listed as shown in the sample image below.
image
  1. Select the key and click Access Control (IAM).
    image
  2. Click Add role assignment. On the** Add role assignment page, select the Role** tab, then select any of the following roles:
    • Key Vault Crypto Service Encryption User
    • Key Vault Crypto Officer
Note :
  • To assign permissions to the application, a user can have either the Key Vault Crypto Officer role or the Key Vault Crypto Service Encryption User role.
  • However, to create an encryption key, the user must have the Key Vault Crypto Officer role or a higher-level role with access to Key Vault and permission to create keys.
    image
  1. Click Next to access theMembers tab.
  2. On the Add role assignment page, select the Members tab, and click\+ Select members.
    image
  3. Select the Azure app that you have created and installed. See See Installing the Azure App and assigning it the Admin role.
  4. Click Next and Save.
  5. Select the key and click Overview.
    image
  6. Copy the key Identifier value and go to the Service Alert window of the Management Console.