In this blog post about Azure Key Vault and Azure CLI, we will show how to assign permissions to a key vault using the CLI.
Azure Key Vault allows developers, engineers and administrators to store security keys, certificates and passwords in the key vault and access them programmatically.
To allow a service principal (SP) to access secrets stored in the Key Vault, we need to give the SP the correct permissions on the vault. In this post, we will use Azure CLI to show how to assign the permissions.
To assign permissions to an Azure Key Vault, we first need to get the object ID of the identity that will access the vault, which could be an Azure AD user or a service principal. You can use the following command to get the SP's object ID.
az ad sp show --id <appId> --query objectId --out tsv
Once you have the object ID, run the following command to allow the service principal to get and list secrets.
az keyvault set-policy -n <keyVaultName> --object-id <objectId> --secret-permissions get list
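The two steps above combined into one script, as an added example that is not part of the original post: it validates the object ID before using it, refuses vaults that use Azure RBAC instead of access policies, and reads the policy back to confirm the SP holds nothing beyond get and list on secrets. The function names are hypothetical; it also assumes that newer Azure CLI releases return the object ID as `id` rather than `objectId`, so it tries both.

```shell
#!/usr/bin/env bash
# Added example. <appId> and <keyVaultName> from the post are passed as $1 and $2
# to grant_secret_read. Function names are illustrative, not part of Azure CLI.

# True when $1 looks like an Azure AD object ID (a GUID).
is_guid() {
  printf '%s\n' "$1" | grep -Eqi '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$'
}

# True when the whitespace-separated permission list $1 is non-empty and
# contains nothing beyond get and list (case-insensitive).
only_get_list() {
  [ -n "$1" ] || return 1
  for p in $(printf '%s' "$1" | tr 'A-Z' 'a-z'); do
    case "$p" in
      get|list) ;;
      *) return 1 ;;
    esac
  done
}

grant_secret_read() {
  app_id=$1
  vault=$2
  # Assumption: newer CLI releases expose the object ID as "id", older ones as "objectId".
  oid=$(az ad sp show --id "$app_id" --query id --out tsv)
  is_guid "$oid" || oid=$(az ad sp show --id "$app_id" --query objectId --out tsv)
  is_guid "$oid" || { echo "could not resolve object ID for $app_id" >&2; return 1; }

  # set-policy only applies to vaults that use the access policy permission model.
  rbac=$(az keyvault show -n "$vault" --query properties.enableRbacAuthorization --out tsv)
  [ "$rbac" != "true" ] || { echo "$vault uses Azure RBAC, not access policies" >&2; return 1; }

  az keyvault set-policy -n "$vault" --object-id "$oid" \
    --secret-permissions get list >/dev/null || return 1

  # Read the policy back: the SP should hold no secret permission beyond get/list.
  perms=$(az keyvault show -n "$vault" --out tsv \
    --query "properties.accessPolicies[?objectId=='$oid'] | [0].permissions.secrets")
  only_get_list "$perms" || { echo "unexpected secret permissions: $perms" >&2; return 1; }
  echo "$oid:" $perms
}
```

Source the file in a session that is already logged in with `az login`, then call `grant_secret_read <appId> <keyVaultName>`.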