Key Vault - Allow using AD Groups (RBAC) on Keys and Secret level
I am an infrastructure admin, and I would like to use a single key vault where I can maintain secrets and keys and use RBAC to allow users, groups and service principals to ensure they only have access to what they need. This would simplify my administration of this service; perhaps adding folders/group tags to secrets within the key vault and setting permissions based on those would also be an option.
Alex den Nieuwenboer commented
Is there any update on the work on this issue? That enableRbacAuthorization is still only for the whole key vault and not on a per-secret or per-key basis.
Oleg Elantsev commented
I think there were snippets on GitHub which hint at how to configure RBAC for Key Vault data in an ARM template... as in here https://github.com/Azure/azure-rest-api-specs/issues/8075
Not sure if it indeed works correctly, especially when connecting Key Vault to a custom domain (endpoint of CDN or Blob Storage). Currently it is only possible to connect through an Access Policy.
It's a duplicate, but I'll vote for this one too.
Work on extending RBAC integration with Key Vault to be able to create certificate/secret/key permissions. Also the ability to manage key, secret and certificate permissions across key vaults at management group, subscription and resource group level. (Edited by admin)
Justin King commented
Which means it is by far the #1 request for Key Vault. Considering we are in Q4 2019... do you think this can at least hit the backlog?
Omer Zubair commented
+1. Item-level security, i.e. RBAC at the per-secret/cert level.
Fernando Simonazzi commented
Pradeep Kumar Reddy commented
Can anyone please tell me how to configure the same scenario in my Azure subscription?
Laurent [@MSFT] commented
RBAC at the secret, key and certificate level!
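The following is an added example, not code from the feedback thread or from Microsoft: it shows what the request above looks like as a deployable template once a vault uses Azure RBAC for its data plane (the enableRbacAuthorization flag Alex mentions), with a role assignment scoped to one secret rather than the whole vault. The vault name, secret name, group object id and secret value are placeholder parameters; the role definition GUID is the built-in "Key Vault Secrets User" role as published in the Azure documentation and should be confirmed in your own tenant with `az role definition list --name "Key Vault Secrets User" --query "[].name"`.

```bicep
// Added example (not part of the original thread). Deploys one vault with
// data-plane authorisation switched to Azure RBAC, one secret, and a role
// assignment whose scope is that single secret, so the AD group can read
// this secret and nothing else in the vault.

@description('Name of the key vault (placeholder).')
param vaultName string

@description('Name of the secret the group may read (placeholder).')
param secretName string

@description('Object id of the Azure AD group that may read only this secret (placeholder).')
param readerGroupObjectId string

@secure()
@description('Secret value; supplied at deploy time, never committed (placeholder).')
param secretValue string

param location string = resourceGroup().location

// Built-in role "Key Vault Secrets User" (read secret contents). Verify the id
// in your tenant: az role definition list --name "Key Vault Secrets User" --query "[].name"
var secretsUserRoleId = subscriptionResourceId(
  'Microsoft.Authorization/roleDefinitions',
  '4633458b-17de-408a-b874-0445c86b69e6'
)

resource vault 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: vaultName
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: {
      family: 'A'
      name: 'standard'
    }
    // Azure RBAC replaces access policies for the data plane; accessPolicies
    // is ignored once this is true. Deliberately no vault-wide data-plane
    // role is assigned here, because any vault-scope assignment would cover
    // every secret and defeat the per-secret scoping below.
    enableRbacAuthorization: true
  }
}

resource secret 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
  parent: vault
  name: secretName
  properties: {
    value: secretValue
  }
}

// Extension resource scoped to the secret itself: the group gets
// Secrets User on this one secret only, not on the vault.
resource secretReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(secret.id, readerGroupObjectId, secretsUserRoleId)
  scope: secret
  properties: {
    roleDefinitionId: secretsUserRoleId
    principalId: readerGroupObjectId
    principalType: 'Group'
  }
}

// ARM resource id of the secret; this is the scope to inspect when auditing
// role assignments (it is not the https:// data-plane URI of the secret).
output secretScope string = secret.id
```

Deploy with `az deployment group create --resource-group <rg> --template-file <file>.bicep --parameters vaultName=... secretName=... readerGroupObjectId=... secretValue=...`, then confirm the scope with `az role assignment list --scope "<secretScope output>"`. A member of the group can then run `az keyvault secret show --vault-name <vault> --name <secret>` for that secret, while `az keyvault secret list` on the same vault is refused, because enumerating secrets is a vault-level operation that this assignment does not grant. The same pattern applies to `Microsoft.KeyVault/vaults/keys` and `Microsoft.KeyVault/vaults/certificates` with the corresponding built-in roles.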