How to grant App access to Azure Key Vault with read-only access to public keys only?

Finn 21 Reputation points
2020-11-23T00:13:50.293+00:00

Is it possible to assign a role to an Azure app service to access keys in a Key Vault, but the application should have access to the public keys only?

Thanks in advance for your time.

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Accepted answer
  1. JamesTran-MSFT 36,611 Reputation points Microsoft Employee
    2020-11-24T21:21:15.31+00:00

    @Finn
    Thank you for your post! Have you looked into the Get Key REST API, which gets the public part of a stored key? There's also the Get Keys REST API, which retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public part of a stored key.

    For a full list of Azure Key Vault REST APIs.
    For a full list of Azure Key Vault PS commands.

    If you're looking to allow access to a specific key/set of keys out of "x" amount within your vault, this currently isn't supported. However, you can definitely leverage our User Voice forum to create a feature request so our engineering team can be aware of this.

    I hope this helps, if you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    1 person found this answer helpful.
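
The Get Key behaviour described in the accepted answer, as an added example that is not part of the original thread or Microsoft's code: it checks that a Get Key style response carries only the public RSA members, and flags key permissions beyond what reading public keys needs. It assumes the vault's access-policy model, where `get` and `list` are the key permissions behind Get Key and Get Keys; the function names and the sample response (textbook-sized modulus, placeholder `kid`) are constructed.

```python
import base64

# JWK members that carry private or symmetric key material (RFC 7518).
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "k"}
# Assumption: access-policy key permissions behind Get Key and Get Keys.
READ_ONLY_KEY_PERMISSIONS = {"get", "list"}


def b64url_to_int(value):
    """Decode an unpadded base64url JWK field into an integer."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")


def public_rsa_key(get_key_response):
    """Return (n, e) from a Get Key response, refusing private material."""
    jwk = get_key_response["key"]
    leaked = PRIVATE_JWK_MEMBERS.intersection(jwk)
    if leaked:
        raise ValueError(f"private JWK members present: {sorted(leaked)}")
    if jwk.get("kty") not in ("RSA", "RSA-HSM"):
        raise ValueError(f"unsupported key type: {jwk.get('kty')}")
    return b64url_to_int(jwk["n"]), b64url_to_int(jwk["e"])


def excess_key_permissions(granted):
    """List granted key permissions that go beyond reading public keys."""
    return sorted({p.lower() for p in granted} - READ_ONLY_KEY_PERMISSIONS)


# Constructed sample shaped like a Get Key response (n = 3233, e = 17).
SAMPLE_RESPONSE = {
    "key": {
        "kid": "https://example-vault.vault.azure.net/keys/example-key/0123456789abcdef",
        "kty": "RSA",
        "key_ops": ["verify", "encrypt"],
        "n": "DKE",
        "e": "EQ",
    },
    "attributes": {"enabled": True},
}

if __name__ == "__main__":
    print(public_rsa_key(SAMPLE_RESPONSE))
    print(excess_key_permissions(["get", "list", "sign", "decrypt"]))
```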

1 additional answer

  1. Finn 21 Reputation points
    2020-11-30T23:58:44.537+00:00

    Thanks James! I'm thinking of adding it to the User Voice forum.
