Granular access control to Keys

Corpuz, E. (Eduard) 0 Reputation points
2023-06-16T03:14:44.6633333+00:00

Is it possible to control granular access to a key in a key vault?

 In the same key vault - nonprod-kv, can I control identity/service principal/user to access and not access different keys in the same key vault?

identity A can access key-1 in nonprod-kv key vault

identity A cannot access key-2 in nonprod-kv key vault

identity B cannot access key-1 in nonprod-kv key vault

 

Azure Key Vault

1 answer

  1. Dillon Silzer 57,826 Reputation points Volunteer Moderator
    2023-06-16T04:59:42.8733333+00:00

    Yes, you can do this by:

    Create a group that you want certain identities to be able to access (A, B, C, D, etc).

    Then you can assign each of those identities to a specific secret:

    Using Azure RBAC secret, key, and certificate permissions with Key Vault

    https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli#using-azure-rbac-secret-key-and-certificate-permissions-with-key-vault

    1. Go to your Key Vault -> Open the Secret you'll be using -> Select the Access control (IAM) tab
    2. Select Add -> Add role assignment to open the Add role assignment page.
    3. Assign the needed built-in role for the Group

    Cited from https://learn.microsoft.com/en-us/answers/questions/816270/provide-access-to-key-vault-keys-certificates-and (by JamesTran-MSFT)


    If this is helpful please accept answer.
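
Azure RBAC assignments are additive and inherit down the scope hierarchy, so a per-key assignment isolates a key only if the same identity holds no key role at the vault, resource group or subscription. The following check is an added example, not part of the original answer: it evaluates the access matrix from the question against a list of role assignments. The subscription ID, resource group, principal names and the set of roles treated as "key access" are assumptions of the example, and group membership is not resolved.

```python
# Constructed sample using the principalName / roleDefinitionName / scope
# fields of `az role assignment list --all -o json` output.
# Subscription ID, resource group and principal names are placeholders.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
VAULT = RG + "/providers/Microsoft.KeyVault/vaults/nonprod-kv"
ASSIGNMENTS = [
    {"principalName": p, "roleDefinitionName": r, "scope": s}
    for p, r, s in [
        ("identity-a", "Key Vault Crypto User", VAULT + "/keys/key-1"),
        ("identity-b", "Key Vault Crypto User", VAULT + "/keys/key-2"),
        ("identity-b", "Key Vault Reader", VAULT),          # metadata only
        ("identity-c", "Key Vault Crypto Officer", RG),     # inherited by every key
    ]
]

# Built-in roles this example counts as granting key operations (assumption).
KEY_DATA_ROLES = {
    "Key Vault Administrator", "Key Vault Crypto Officer",
    "Key Vault Crypto User", "Key Vault Crypto Service Encryption User",
}

def covers(scope, resource_id):
    """True if an assignment at `scope` applies to `resource_id` (scope or any ancestor)."""
    s, r = scope.rstrip("/").lower(), resource_id.lower()  # resource IDs are case-insensitive
    return r == s or r.startswith(s + "/")

def granting_scopes(principal, key, assignments=ASSIGNMENTS):
    """Scopes at which `principal` holds a key role that reaches `key` in the vault."""
    key_id = f"{VAULT}/keys/{key}"
    return [a["scope"] for a in assignments
            if a["principalName"] == principal
            and a["roleDefinitionName"] in KEY_DATA_ROLES
            and covers(a["scope"], key_id)]

def audit(expected, assignments=ASSIGNMENTS):
    """expected maps (principal, key) -> bool; returns pairs whose effective access differs."""
    findings = []
    for (principal, key), want in expected.items():
        scopes = granting_scopes(principal, key, assignments)
        if bool(scopes) != want:
            findings.append((principal, key, scopes))
    return findings

# The matrix from the question, plus identity-c (constructed) as a negative case.
EXPECTED = {("identity-a", "key-1"): True, ("identity-a", "key-2"): False,
            ("identity-b", "key-1"): False, ("identity-c", "key-1"): False}

if __name__ == "__main__":
    for principal, key, scopes in audit(EXPECTED):
        print(f"{principal} -> {key}: unexpected access via {scopes}")
```

Per-key scopes only take effect when the vault uses the Azure RBAC permission model; vault access policies apply to the whole vault.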
