We created Azure key Vaults with RBAC (enableRbacAuthorization: true), but we run into problems when destroying the stack. DeniedWithNoValidRBAC. The solution so far is to give the user running destroy the role "Key Vault Secrets Officer" before running pulumi destroy.
Has anyone else experienced this and how did you solve it? We would like to avoid having to grant "Key Vault Secrets Officer" every time we need to remove a KeyVault.