# azure
s
This message was deleted.
r
Ah, this is because there are two models of access control on Azure Key Vault: built-in policies (as deployed by the example you followed), and Azure Active Directory. The roles `Key Vault Crypto Officer` and `Key Vault Secrets Officer` are Azure Active Directory roles, not built-in Key Vault roles. You will need to:
1. Set `enableRbacAuthorization` to true on the Key Value Properties (see here)
2. Add your user account/service principal/managed identity to the two Key Vault roles using authorization.RoleAssignment. Note the `RoleAssignmentName` property is a GUID/UUID, not the human-readable name. You can get the values for this property from the Azure docs.
3. Remove the access policy definition from the key vault
a
Thank you so much 🙂
r
No problem 🙂