This message was deleted.

sparse-intern-71089

05/09/2022, 12:02 PM

This message was deleted.

clean-truck-93285

05/09/2022, 3:27 PM

If you doing RBAC than you make a role assignment. https://www.pulumi.com/registry/packages/azure-native/api-docs/authorization/roleassignment/ If you doing access policy then it set on the key vault. https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/vault/

incalculable-napkin-4298

05/09/2022, 3:44 PM

Thanks for your reply nahlian. Problem with doing this on the keyvault is that I created the keyvault in a different stack.

incalculable-napkin-4298

05/09/2022, 3:45 PM

so one stack creates the keyvault.. the other wants to get access to it

incalculable-napkin-4298

05/09/2022, 3:45 PM

however, now i'm switching to rbac indeed, which seems the way to go

incalculable-napkin-4298

05/09/2022, 3:45 PM

Thank1

incalculable-napkin-4298

05/09/2022, 3:51 PM

but just to be sure, there's no way right now to add an access policy to an already existing keyvault using pulumi right now?

clean-truck-93285

05/09/2022, 3:54 PM

I use access policies all the time for my app service / function app communication to key vault. I export the managed identity from the service and configure the access policy on the key vault. In the key vault article I linked, the object ID under access policy is the managed identity ID.

28 Views

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.