1. 1

   Consent to the Anthropic multi-tenant application

   This creates a service principal in your Entra tenant for Anthropic's CMEK client application. The application requests no Microsoft Graph permissions; it exists solely as a federation target for Key Vault data-plane access.

   az ad sp create --id 8635ae1a-3e5d-44e8-a4ed-e0f614466f87

   From the output, capture the id field. This is the service principal's object ID in your tenant, which you use when you assign the RBAC role.

   {
    "appId": "8635ae1a-3e5d-44e8-a4ed-e0f614466f87",
    "displayName": "anthropic-cmek-client-us",
    "id": "<sp-object-id>"
   }

   If the service principal already exists in your tenant (from a prior attempt or another integration), az ad sp create exits with an "already exists" error. Fetch its object ID instead:

   az ad sp show --id 8635ae1a-3e5d-44e8-a4ed-e0f614466f87 --query id -o tsv

   This step has no Portal equivalent. If you do not have the Azure CLI installed locally, open Cloud Shell from the Portal's top navigation bar. After the command succeeds, you can find the service principal's object ID in Microsoft Entra ID > Enterprise applications by clearing the default application-type filter and searching for anthropic-cmek-client-us.

   👁 Microsoft Entra enterprise application overview for anthropic-cmek-client-us, showing its Application ID and Object ID.
   

2. 2

   Create an RSA key in your vault

   Azure Key Vault does not support symmetric key wrapping, so the key must be RSA (3072-bit or larger) with wrapKey and unwrapKey in its allowed operations.

   az keyvault key create \
    --vault-name <your-vault-name> \
    --name <your-key-name> \
    --kty RSA --size 3072 \
    --ops wrapKey unwrapKey

   For HSM-backed keys, use --kty RSA-HSM (requires a Premium-SKU vault). Software-protected RSA keys are acceptable for this integration.

   From the Portal, open your Key Vault, select Keys, then Generate/Import. Set the key type to RSA and the size to 3072 or larger. To restrict the key to wrap and unwrap only, open the key version, scroll to Permitted operations, and uncheck everything except Wrap Key and Unwrap Key.

   👁 Azure Key Vault Create a key page with the Generate option, RSA key type, and 3072 RSA key size selected.
   

   👁 Azure Key Vault key version with Permitted operations limited to Wrap Key and Unwrap Key.
   

3. 3

   Grant the Anthropic service principal access to your key

   Assign the Key Vault Crypto User role to the service principal from the first step, scoped to the individual key rather than the whole vault.

   VAULT_ID=$(az keyvault show --name <your-vault-name> --query id -o tsv)
   
   az role assignment create \
    --role "Key Vault Crypto User" \
    --assignee-object-id <sp-object-id> \
    --assignee-principal-type ServicePrincipal \
    --scope "${VAULT_ID}/keys/<your-key-name>"

   The built-in Key Vault Crypto User role grants key cryptographic operations (encrypt, decrypt, wrap, unwrap, sign, verify) plus key read on its assigned scope. The --ops wrapKey unwrapKey restriction you set on the key in the previous step further narrows which of those operations can succeed against this key, so in practice Anthropic can only wrap and unwrap.

   From the Portal, open the key (not the vault), select its Access control (IAM) tab, click Add > Add role assignment, select Key Vault Crypto User, and assign it to the anthropic-cmek-client-us service principal.

   

   Dedicated vault alternative: Microsoft recommends a dedicated vault per application with roles assigned at the vault scope. If you provision a vault that holds only this Anthropic CMEK key, you can assign the role at the vault scope instead and the effect is identical. Scope to the individual key when the key lives in a shared vault.

   👁 Azure Key Vault Access control (IAM) role assignments showing the anthropic-cmek-client-us service principal assigned the Key Vault Crypto User role.
   

4. 4

   Verify your vault configuration

   az keyvault show --name <your-vault-name> \
    --query "{rbac:properties.enableRbacAuthorization, purge:properties.enablePurgeProtection, pub:properties.publicNetworkAccess, net:properties.networkAcls.defaultAction, ipRules:properties.networkAcls.ipRules, uri:properties.vaultUri, tenantId:properties.tenantId}"

   Confirm that:

   • rbac is true.
   • purge is true. If it is false or null, enable purge protection on the vault before proceeding. Without it, a soft-deleted key can be permanently purged during the retention window, making your CMEK-protected data unrecoverable.
   • pub is "Enabled". If it is "Disabled", Anthropic cannot reach the vault over its public data-plane endpoint and validation fails.
   • net is "Allow", or, if it is "Deny", that ipRules include Anthropic's egress ranges (contact Anthropic for the current list).
   • uri is the vault URI you use when you register the key.
   • tenantId is the tenant that governs the vault. Use this value as tenant_id when you register the key, not the tenant of your currently-active subscription (the two can differ in cross-tenant setups).

Was this page helpful?