Assign Permissions to Key Vault using Azure CLI

In this blog post about Azure Key Vault and the Azure CLI, we show how to assign permissions to a key vault from the CLI.

Azure Key Vault allows developers, engineers and administrators to store security keys, certificates and passwords in the key vault and access them programmatically.

To allow a service principal (SP) to read secrets stored in the Key Vault, we need to give the SP the correct permissions on the vault. In this post, we use the Azure CLI to assign those permissions.

To create an SP account, please visit the following post. To create an Azure Key Vault using Terraform, visit this post.

Get the object id

To assign permissions on an Azure Key Vault, we first need the object id of the identity that will access the vault, which can be an Azure AD user or a service principal. The following command returns the object id of a service principal from its application id.

az ad sp show --id <appId> --query objectId --out tsv

Once you have the object id, run the following command to allow the service principal to get and list secrets.

az keyvault set-policy -n <keyVaultName> --object-id <objectId> --secret-permissions get list
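The two steps above, wrapped in a small POSIX shell script that also reads the policy back and checks that the service principal ended up with nothing beyond get and list. This is an added example, not code from the original post; the `KV_NAME` and `SP_APP_ID` variables, the function names and the `AZ` override are assumptions, and the `id || objectId` query handles both newer Azure CLI releases (which return `id`) and older ones (which return `objectId`).

```shell
#!/usr/bin/env sh
# Added example: grant a service principal get/list on Key Vault secrets and verify it.
set -eu

# CLI binary; overridable (e.g. AZ=echo) to dry-run the composed commands without a login.
AZ="${AZ:-az}"

# Resolve the object id of a service principal from its appId.
# "id || objectId" covers both the Microsoft Graph based CLI (id) and older releases (objectId).
sp_object_id() {
  "$AZ" ad sp show --id "$1" --query "id || objectId" --output tsv
}

# Grant only the secret permissions passed as arguments (least privilege).
grant_secret_access() {
  vault="$1"; object_id="$2"; shift 2
  "$AZ" keyvault set-policy --name "$vault" --object-id "$object_id" \
    --secret-permissions "$@" --output none
}

# Read back the secret permissions the vault's access policy holds for that object id.
show_secret_permissions() {
  "$AZ" keyvault show --name "$1" \
    --query "properties.accessPolicies[?objectId=='$2'].permissions.secrets | [0]" --output tsv
}

# Return 0 when every granted permission is in the allowed list; case-insensitive,
# because older CLI versions capitalise permission names (Get, List).
within_allowed() {
  granted=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  allowed=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  for p in $granted; do
    case " $allowed " in
      *" $p "*) ;;
      *) echo "unexpected secret permission: $p" >&2; return 1 ;;
    esac
  done
  return 0
}

# Usage (needs an authenticated az session):
#   KV_NAME=<keyVaultName> SP_APP_ID=<appId> sh grant-kv-secrets.sh
if [ -n "${KV_NAME:-}" ] && [ -n "${SP_APP_ID:-}" ]; then
  oid=$(sp_object_id "$SP_APP_ID")
  grant_secret_access "$KV_NAME" "$oid" get list
  granted=$(show_secret_permissions "$KV_NAME" "$oid")
  within_allowed "$granted" "get list" && echo "ok: $oid has only [$granted] on $KV_NAME"
fi
```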

