Do you have an idea or a suggestion for Azure Key Vault based on your experience?

← Azure Key Vault

ARM Template for KeyVault to have AccessPolicies non-mandatory

Hi,
It would be better for idempotency and the ability to create Keyvault first, with additional incrementally run ARM templates to have AccessPolicies as non-mandatory.

It is already possible to incrementally add AccessPolicies once you have a KeyVault, but it is not possible to create or update a Keyvault via ARM without specifying the AccessPolicies... which is a problem for update - you need to know all the existing AccessPolicies before you do the update or it will get reverted to whatever you specify.

36 votes

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

Dan Byrne shared this idea · May 31, 2018 · Flag idea as inappropriate… · Admin →

7 comments

Add a comment…

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

Anonymous commented · March 22, 2019 12:22 PM · Flag as inappropriate

Support
Chris Neale commented · March 22, 2019 12:19 PM · Flag as inappropriate

Support
Salford commented · March 6, 2019 8:37 PM · Flag as inappropriate

Support this suggestion vehemently!
Henry commented · January 29, 2019 5:02 AM · Flag as inappropriate

Totally agree
Filip Scherwin Lindboe commented · January 10, 2019 2:20 AM · Flag as inappropriate

I agree. I have a fully automated deployment using Azure DevOps. Here i have some access policies that needs to be assigned more dynamically according to context, so i am setting these through a script. Other access policies are static and is set using ARM template. But the fact that the access policies are being overwritten when deploying the ARM template has caused me some grief.
Toby Meyer commented · December 22, 2018 10:31 PM · Flag as inappropriate

This breaks incremental deployments in a fundamental way. I use other deployment actions to manipulate KV permissions programmatically & this makes it substantially more complex.
Anonymous commented · November 11, 2018 7:49 AM · Flag as inappropriate

Agreed.

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

Sign in
Sign up

Azure Key Vault: Other

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 3,554 ideas
- Additional Services 204 ideas
- Analytics Platform System 10 ideas
- API Apps 3 ideas
- API Management 420 ideas
- Application Insights 488 ideas
- Automation 395 ideas
- Azure Active Directory 2,827 ideas
- Azure Active Directory Application Requests 198 ideas
- Azure Advisor 8 ideas
- Azure Alert Management 52 ideas
- Azure Analysis Services 121 ideas
- Azure API for FHIR 0 ideas
- Azure App Configuration 0 ideas
- Azure Backup 358 ideas
- Azure Bot Service 50 ideas
- Azure Cloud Shell 209 ideas
- Azure Confidential Compute 0 ideas
- Azure Container Instances 68 ideas
- Azure Container Registry 49 ideas
- Azure Cosmos DB 255 ideas
- Azure CycleCloud 0 ideas
- Azure Data Explorer 29 ideas
- Azure Database for MariaDB 7 ideas
- Azure Database for MySQL 50 ideas
- Azure Database for PostgreSQL 85 ideas
- Azure Database Migration Service 25 ideas
- Azure Databricks 43 ideas
- Azure DDoS Protection 6 ideas
- Azure Digital Twins 9 ideas
- Azure Event Grid 37 ideas
- Azure Functions 138 ideas
- Azure Governance 47 ideas
- Azure Government 66 ideas
- Azure IoT 216 ideas
- Azure IoT Central 47 ideas
- Azure IoT Device Catalog 8 ideas
- Azure IoT Edge 50 ideas
- Azure IoT Solution Accelerators 14 ideas
- Azure Key Vault 79 ideas
- Azure Kubernetes Service (AKS) 101 ideas
- Azure Management Groups 9 ideas
- Azure Maps 36 ideas
- Azure Marketplace 364 ideas
- Azure Media Services 232 ideas
- Azure Migrate 25 ideas
- Azure mobile app 176 ideas
- Azure Monitor 59 ideas
- Azure Pack 304 ideas
- Azure portal 1,911 ideas
- Azure Resource Manager 357 ideas
- Azure Search 201 ideas
- Azure Security Center 141 ideas
- Azure Sentinel 0 ideas
- Azure Service Health 17 ideas
- Azure SignalR Service 7 ideas
- Azure Spatial Anchors 7 ideas
- Azure Sphere 36 ideas
- Azure Stack 129 ideas
- Azure TCO Calculator 28 ideas
- Azure Time Series Insights 2 ideas
- Batch 38 ideas
- Batch AI 8 ideas
- Biztalk Services 23 ideas
- Blockchain 34 ideas
- Cache 43 ideas
- CDN 79 ideas
- Cloud Services (Web and Worker Role) 270 ideas
- Cost Management 153 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 0 ideas
- Data Catalog 105 ideas
- Data Factory 601 ideas
- Data Lake 325 ideas
- Data Science VM 18 ideas
- Diagnostics and Monitoring 179 ideas
- Event Hubs 13 ideas
- Global Infrastructure 30 ideas
- HDInsight 113 ideas
- Lab Services 214 ideas
- Log Analytics 842 ideas
- Logic Apps 1,148 ideas
- Machine Learning 436 ideas
- Mobile Engagement 19 ideas
- Networking 620 ideas
- Notification Hubs 42 ideas
- Scheduler 47 ideas
- Scripting and Command Line Tools 96 ideas
- SDK and Tools 134 ideas
- Security and Compliance 70 ideas
- Service Bus 168 ideas
- Service Fabric 267 ideas
- Signup and Billing 1,133 ideas
- Site Recovery 199 ideas
- SQL Data Sync 66 ideas
- SQL Data Warehouse 224 ideas
- SQL Database 531 ideas
- SQL Managed Instance 56 ideas
- SQL Server 9,027 ideas
- Storage 616 ideas
- StorSimple 45 ideas
- Stream Analytics 220 ideas
- Support Feedback 244 ideas
- System Center Data Protection Manager 100 ideas
- Update Management 102 ideas
- Virtual Machines 1,322 ideas
- Web Apps 302 ideas
Microsoft Azure