Do I need to add app on access policy of key vault if the app is already the owner on subscription level
Question
If I give owner access to an app on subscription level, do I still need to add the app on access policy in key vault so that the app can retrieve the secret value from azure key vault through http GET method?
1 answers
solution1
1 ACCPTED 2020-12-09 14:53:02
The answer is yes, if you use the Vault access policy permission model.
However, the answer is no, if you use the Azure role-based access control permission model - but then you would have to assign an appropriate RBAC role since the Owner role would not have access.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
pulumi: add web app to key vault access policy, read secrets and set them as app setting
How do I access Azure Key Vault Secret in .NET Core 2.2 console app?
Terraform - How to get App Service object id for azurerm key vault access policy?
Add key vault access policy using power shell does not work
Azure key vault - add access policy for deployment slot
Azure Data Factory key vault access policy is getting deleted when I do redeploy of terraform code?
get registered azure app to access key vault
Adding a Key Vault Access Policy to an Existing Key Vault via ARM
Change access policy of existing Azure Key Vault
How to give MSI enabled Function App access to Key Vault?
Related Tags