How to read/show access policy from Azure CLI or Powershell

Question

Hi there,

We are working with keyvaults that have Vault Access Policy set. I am looking for a way to read or show these access policies from either Azure CLI or Powershell. I am aware of the az keyvault set-policy command to define the policy, but I cannot find an equivalent get-policy command.

Can someone help me find a way to do this with batch command because we need to automate the process for generating reports.

Answer 1

Hello @Jérôme DEMEULLE

Welcome to Microsoft QnA!

Please use :

Pshell:> (Get-AzKeyVault -VaultName mykeyvault).AccessPolicies

Sample Output :

Tenant ID : xxxxxxxx

Object ID : xxxxxxxx

Application ID :

Display Name :

Permissions to Keys : {Get, List, Update, Create…}

Permissions to Secrets : {Get, List, Set, Delete…}

Permissions to Certificates : {Get, List, Update, Create…}

Permissions to (Key Vault Managed) Storage : {}

Tenant ID : xxxxxxxxxx

Object ID : xxxxxxxx

Application ID :

Display Name : aciapi (xxxxxxxxxx)

Permissions to Keys : {Get, List, Update, Create…}

Permissions to Secrets : {}

Permissions to Certificates : {}

Permissions to (Key Vault Managed) Storage : {}

The Az Cli does not offer such detail

Reference :

az keyvault show --name YourKeyVaultName --query "properties.accessPolicies"

---

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards

Answer 2

Hi @Jérôme DEMEULLE ,

maybe this one line in PowerShell is helpful:

(Get-AzKeyVault -VaultName <keyvaultname>).AccessPolicies

---

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten