DEV Community


Posted on

Azure Key Vault with .NET - Vault Access Policies

Link to the post explaining the creation of Azure Key Vault resource.

Now, we will see the Vault Access Policy setup in detail.

Key Vault has to be accessed from any where. Be it App Service, Functions, Azure VM etc.
We need to ensure that all these services can access the Key Vault to read the secrets without any authentication error.

If the Key Vault Access Policies has been selected to ensure that access policies are added for all the resources which have to connect to the Key Vault.

This is a two step process:

Assign a system id to the resource which will access the Key Vault resource

  • We need to make sure that a System ID is assigned to the resource for which we will create an access policy
  • Open the Overview page of the Azure Resource

Overview page of the application

  • Click on Identity from the left pane
  • In the System Assigned section, turn on the Enabled button.
  • Click on Save.
  • Once the save is successful, an Object (Principle) ID will be assigned to the resource.

Enable the System Assigned Identity for an application

Creating the access policy

  • Open the Azure Key Vault resource overview and click on the Access Policies option in the left pane.

Click on Access Policies

  • Click on 'Create(+)' button
  • The next step is to grant permissions
  • The permissions are divided in 3 parts: Keys, Secrets, Certificates
  • You can select from pre-defined templates or assign the permissions you need.
  • Example, if you want an application to just read and get list of the secrets, then just provide Get and List permission under the Secret option.

Assign what access are to be provided

  • Paste the Object(Principle) ID from the first step in search, it will bring the result.

On pasting the Object ID, we get the application in the result

  • Select the application and click on Next. (Multiple applications can be selected here)

  • Since we have already selected the applications, skip the 3rd step

  • Create the access policy

Once this policy is created, the selected application will now get all the selected accesses to the Key Vault Resource.

Top comments (1)

robinamirbahar profile image