powerful-football-81694
03/13/2021, 11:42 AM
// Get a reference to our centralized key vault service which lives
// in another resource group. The key vault service itself is not created or maintained
// by this program.
var keyVault =
    await GetKeyVault.InvokeAsync(
        new GetKeyVaultArgs()
        {
            ResourceGroupName = centralResourceGroupName,
            Name = keyVaultName
        }).ConfigureAwait(false);
// Create an access policy in the key vault to allow the function app to read
// keys, secrets and certificates.
var keyVaultAccessPolicy = new AccessPolicy(
    $"orgflow-licensing-{stackName}-keyVaultPolicy",
    new AccessPolicyArgs()
    {
        TenantId = app.Identity.Apply(x => x.TenantId!),
        ObjectId = app.Identity.Apply(x => x.PrincipalId!),
        KeyPermissions = { "get", "sign" },
        SecretPermissions = { "get" },
        KeyVaultId = keyVault.Id
    });
I can’t figure out how to create key vault access policies with the native provider (like, I can’t even find any resource type for it in the KeyVault namespace) - can someone give me a pointer?
tall-librarian-49374
03/13/2021, 12:21 PM
better-shampoo-48884
03/13/2021, 2:49 PM