Is it possible to restrict admins access to Azure KeyVault?

kanna 106 Reputation points

I'm planning to use KeyVault for saving soe secrets but in such a way that only me as creator have access to see the secrets, from what I understand global administrator can see the secrets.

What is the process/method to create private keyvaults in an organization with a admin?
Or is there a solution for that? it is possible to store password encrypted secrets in keyvault but wondering if there is a better way to do this.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,098 questions
0 comments No comments
{count} votes

Accepted answer
  1. Manish chandra 76 Reputation points

    Azure key vault is another way to manage storage account keys.

    Storage account keys can be stored as key vault secrets which can help to sync the keys with the storage account by regenerating the keys on a schedule that is configured. The storage account key values are never returned. So shared access signature definitions are set up for account level or service level SAS tokens. Then when an application calls the REST URI path the key vault generates a SAS token using the storage account key and the shared access signature template and returns it to the caller as a key vault secret, and the application then can use the SAS token to authenticate to azure storage.

    By default Global administrator have access to your key vault.
    But while creating key vault, below pricing tier you will find an option Access Policies.
    If you go to this access policy section you can see a default access policy is applied to the user who is the global administrator. If you want to remove any access policy here then you can click on context menu and delete it.


    @kanna : You can find the step by step process for azure key vault in below blog post:

0 additional answers

Sort by: Most helpful