No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

solved: I had assumed I needed to set KV rights on the user assigned identity that azure creates, not true - I simply created a SecretProviderClass in my cluster that made use of the existing identity that DID have rights to read from the key vault - worked first time.  Tadaaaaa