How To: Assign Azure Environment by Policy Attribute

Applies to:

All versions of TPP


Cannot create Azure Key Vault application object for China, Germany, or US Government Azure environments.


By default, TPP's Azure Key Vault application driver connects to the "AzureCloud" environment (GlobalCloud). 


If a connection to Azure China, Azure Germany, or Azure US Government needs to be established, the Azure environment may only be changed by manually adding a Policy Attribute to the policy containing the affected Azure Key Vault application object. Currently, this value can only be changed with the help of Venafi Customer Support.

  • Class: "Azure Key Vault"
  • Attribute: "Environment"
  • Value:
    • If connecting to Azure China: "AzureChinaCloud"
    • If connecting to Azure Germany: "AzureGermanCloud"
    • If connecting to Azure US Government: "AzureUSGovernment"



More Info:

There is currently a "Product Idea" to add this functionality to TPP's UI: Support for Azure cloud for Gov, Germany and China | Community (

Was this article helpful?
0 out of 0 found this helpful