Hi @Robbie Dyer
Thank you for post!
I understand your concern about the security of adding a Role Assignment.
To answer your questions, when you give a specific App Service in Azure access to a Key Vault Certificate, you’re only allowing that particular App Service to use the certificate. This means other App Services, even if they are in different subscriptions or accounts, won’t have access to it. It’s like giving a key to one person and making sure no one else can use it.
The other question about RBAC for Key Vaults, Microsoft has already implemented Role-Based Access Control (RBAC) for Azure Key Vaults. This allows you to manage permissions for keys, secrets, and certificates.
For more information, please go through Provide access to Key Vault keys, certificates, and secrets with an Azure role-based access control.
Hope this helps. Do let us know if you any further queries by responding in the comments section.
Thanks,
Akhilesh.
If this answers your query, do click Accept Answer
and Yes
for was this answer helpful. And, if you have any further query do let us know.