Integrating Acunetix 360 with Azure Key Vault

You can integrate Acunetix 360 with Azure Key Vault to scan your web applications without providing sensitive credentials.

  • Azure Key Vault is a cloud service to store and access your secrets in a secure way.
  • A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys.
  • Key Vault safeguards those secrets with industry-standard algorithms, key lengths, and even hardware security modules.

Acunetix 360 can integrate with Azure Key Vault, so you do not need to provide sensitive credentials to scan your web applications, websites, and APIs.

This article explains how to integrate Acunetix 360 with Azure Key Vault.

For further information, see What Systems Does Acunetix 360 Integrate With?.

Azure Key Vault fields

This table lists and explains the fields on the Azure Key Vault Integration page.

| Field | Description |
| --- | --- |
| Name | This is the name of the configuration that will be shown elsewhere. |
| Client ID | This is the Application (Client) ID appearing on the app registrations page. |
| Client Secret | This is the Value of the client secret that appears on the Certificates & secrets page in Azure AD. |
| Tenant ID | This is the Directory ID appearing on the Key Vault page. |
| Agent Mode | This is the agent mode that you can select. There are two options. Cloud: Acunetix 360 verifies the connection with a cloud agent available in the Acunetix 360 environment. Internal: Acunetix 360 verifies the connection with an authentication verifier agent installed in your environment. For further information, see Configuring internal agents for secrets management services. |
| Verify and Save | This verifies certification and the connection with the service. |

How to integrate Acunetix 360 with Azure Key Vault

  1. Log in to Acunetix 360.
  2. From the main menu, select Integrations > New Integration.
  3. From the Secrets and Encryption Management section, select Azure Key Vault.
  4. In the Name field, enter a friendly name for the integration.
  5. In the Mandatory section, complete the connection details:
       • Azure Key Vault URL
       • Client ID
       • Secret
       • Tenant ID
  6. In the Agent Mode, select an option.
  7. Select Verify and Save. (If you have more than one authentication verifier agent, you see a drop-down to select the verifier agent.)

If successful, the new integration appears on the Manage Integrations page. Otherwise, Acunetix 360 displays an error message.

Verifying form authentication with Azure Key Vault

When you successfully integrate Azure Key Vault, you can use this integration to verify a form authentication before launching a new scan.

This table lists and explains the fields in the Azure Key Vault Settings dialog.

| Field | Description |
| --- | --- |
| Integrations | This is the name of the integration that you entered in the New Vault Integration window. Select the integration from the drop-down, if necessary. |
| Vault Name | This is the name of your key vault. |
| Use Static Username | Select the Use Static Username checkbox unless you plan to change the username routinely. This is deselected by default. |
| Username Key | This holds the username value. |
| Password Key | This holds the password value. |

How to use the Azure Key Vault Integration to verify form authentication

  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Scan.
  3. In the Target URL field, enter the URL.
  4. Complete the remainder of the fields, as described in Acunetix 360 New Scan Fields and Acunetix 360 Scan Options Fields.
  5. Then from the Authentication settings, select the Form tab.
  6. Select Form Authentication.
  7. Select the New Persona drop-down, then Azure Key Vault.
  8. Complete the fields in the dialog.
  9. Select Save.
  10. Select Verify Login & Logout to test the new Persona.

Information

Select Test Key Vault Settings to verify the username and password.
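
The following pre-flight check is an added example, not part of Acunetix 360 or its documentation. It validates the values entered in the Mandatory section (Azure Key Vault URL, Client ID, Secret, Tenant ID) and the Username Key and Password Key names before you type them in. The function names are hypothetical, the format rules are Azure's general naming rules rather than anything stated on this page, and the sample values are constructed.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Azure naming rules: vault names are 3-24 characters (letters, digits, single
# hyphens, starting with a letter); secret names are 1-127 letters/digits/hyphens.
VAULT_NAME = re.compile(r"[A-Za-z](?:[A-Za-z0-9]|-(?!-)){1,22}[A-Za-z0-9]")
SECRET_NAME = re.compile(r"[0-9A-Za-z-]{1,127}")
VAULT_SUFFIXES = (".vault.azure.net", ".vault.azure.cn", ".vault.usgovcloudapi.net")


def check_integration(vault_url, client_id, client_secret, tenant_id):
    """Return a list of problems found in the integration page values."""
    problems = []
    url = urlsplit(vault_url)
    host = (url.hostname or "").lower()
    suffix = next((s for s in VAULT_SUFFIXES if host.endswith(s)), "")
    if url.scheme != "https":
        problems.append("vault URL must use https")
    if not suffix or not VAULT_NAME.fullmatch(host[: -len(suffix)]):
        problems.append("vault URL host is not <vault-name>.vault.azure.net")
    if url.path not in ("", "/") or url.query or url.username:
        problems.append("vault URL must be the bare vault address")
    for label, value in (("Client ID", client_id), ("Tenant ID", tenant_id)):
        if not GUID.fullmatch(value):
            problems.append(f"{label} is not a GUID")
    if not client_secret or client_secret != client_secret.strip():
        problems.append("Client Secret is empty or has stray whitespace")
    elif GUID.fullmatch(client_secret):
        # Heuristic: the Secret ID column is a GUID, the Value column is not.
        problems.append("Client Secret looks like the Secret ID, not the Value")
    return problems


def invalid_secret_names(*names):
    """Return the Username Key / Password Key names Key Vault would reject."""
    return [n for n in names if not SECRET_NAME.fullmatch(n)]


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or credentials.
    print(check_integration(
        "http://example-vault.vault.azure.net/secrets/app-user",
        "11111111-2222-3333-4444-555555555555",
        "66666666-7777-8888-9999-000000000000",
        "not-a-guid",
    ))
    print(invalid_secret_names("app-user", "app_password"))
```

An empty list from check_integration means the values are well-formed; it does not prove that the service principal can actually read the vault, which Verify and Save tests.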



 