User assigned identity in storage account (ARM template for custom key SSE)
We are trying to define ARM template for storage accounts using custom key for SSE. Such definition is required for Azure Blueprints.
Currently the only way to enable custom key for SSE is 3 step process: 1-Create SystemAssigned identity in storage account, 2-Update Keyvault access policies for that identity, 3-Update storage encryption settings.
If we can get User (customer) assigned identity into storage account for accessing Keyvault, then we can pre-prepare / isolate step 1 and 2. Then we can have ARM template definition with custom key for SSE defined for a new storage account as a single step (3).