Generate and Wrap Your Tenant Secret
- Generate a 256-bit tenant secret using the method of your choice. You can generate your tenant secret in one of 2 ways:
  - Use your own on-premises resources to generate a tenant secret programmatically, using an open source library such as Bouncy Castle or OpenSSL. Tip: We've provided a script that may be useful as a guide to the process.
  - Use a key brokering partner that can generate, secure, and share access to your tenant secret.
- Wrap your tenant secret with the public key from the BYOK-compatible certificate you generated. Specify the OAEP padding scheme. Make sure the resulting encrypted tenant secret and hashed tenant secret files are encoded using base64.
- Encode this encrypted tenant secret to base64.
- Calculate an SHA-256 hash of the plaintext tenant secret.
- Encode the SHA-256 hash of the plaintext tenant secret to base64.
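
The steps above carried through with the OpenSSL command line, as an added example (it is not the script the tip refers to). The function name `wrap_tenant_secret` and all file names are assumptions; the certificate is expected in PEM format.

```shell
#!/bin/sh
# Added example, not the vendor-provided script.
# Function name and file names are assumptions made for illustration.
set -eu

# wrap_tenant_secret CERT_PEM OUT_DIR
# Runs in a subshell "( )" so the restrictive umask does not leak to the caller.
wrap_tenant_secret() (
  cert="$1"; out="$2"
  umask 077                       # new files readable by the owner only
  mkdir -p "$out"

  # 1. Generate a 256-bit (32-byte) tenant secret from OpenSSL's CSPRNG.
  #    This plaintext file is the one to keep on-premises.
  openssl rand -out "$out/tenant_secret.bin" 32

  # 2. Wrap it with the public key in the certificate, using OAEP padding.
  #    OpenSSL's OAEP digest defaults to SHA-1; add
  #    "-pkeyopt rsa_oaep_md:<digest>" if the receiving side expects another.
  openssl pkeyutl -encrypt -certin -inkey "$cert" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$out/tenant_secret.bin" -out "$out/encrypted_tenant_secret.bin"

  # 3. Base64-encode the encrypted tenant secret (-A: one line, no wrapping).
  openssl base64 -A -in "$out/encrypted_tenant_secret.bin" \
    -out "$out/encrypted_tenant_secret.b64"

  # 4. SHA-256 of the *plaintext* secret (raw digest bytes, not hex text),
  #    then base64-encode that digest.
  openssl dgst -sha256 -binary "$out/tenant_secret.bin" \
    | openssl base64 -A > "$out/hashed_tenant_secret.b64"

  # Only the base64 form of the ciphertext is needed from here on.
  rm -f "$out/encrypted_tenant_secret.bin"
)

# Stand-alone use: ./wrap.sh certificate.pem output_dir
if [ "$#" -eq 2 ]; then wrap_tenant_secret "$1" "$2"; fi
```

Hashing the hex text that `openssl dgst` prints by default, instead of the raw digest from `-binary`, produces a different base64 value, so the two outputs are easy to confuse.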