Do you have an idea or a suggestion for Azure Key Vault based on your experience?

← Azure Key Vault

ARM Template for KeyVault to have AccessPolicies non-mandatory

Hi,
It would be better for idempotency and the ability to create Keyvault first, with additional incrementally run ARM templates to have AccessPolicies as non-mandatory.

It is already possible to incrementally add AccessPolicies once you have a KeyVault, but it is not possible to create or update a Keyvault via ARM without specifying the AccessPolicies... which is a problem for update - you need to know all the existing AccessPolicies before you do the update or it will get reverted to whatever you specify.

50 votes

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

Dan Byrne shared this idea · May 31, 2018 · Flag idea as inappropriate… · Admin →

7 comments

Add a comment…

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

Anonymous commented · March 22, 2019 12:22 PM · Flag as inappropriate

Support
Chris Neale commented · March 22, 2019 12:19 PM · Flag as inappropriate

Support
Salford commented · March 6, 2019 8:37 PM · Flag as inappropriate

Support this suggestion vehemently!
Henry commented · January 29, 2019 5:02 AM · Flag as inappropriate

Totally agree
Filip Scherwin Lindboe commented · January 10, 2019 2:20 AM · Flag as inappropriate

I agree. I have a fully automated deployment using Azure DevOps. Here i have some access policies that needs to be assigned more dynamically according to context, so i am setting these through a script. Other access policies are static and is set using ARM template. But the fact that the access policies are being overwritten when deploying the ARM template has caused me some grief.
Toby Meyer commented · December 22, 2018 10:31 PM · Flag as inappropriate

This breaks incremental deployments in a fundamental way. I use other deployment actions to manipulate KV permissions programmatically & this makes it substantially more complex.
Anonymous commented · November 11, 2018 7:49 AM · Flag as inappropriate

Agreed.

Azure Key Vault: Other

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 3,473 ideas
- Additional Services 294 ideas
- Analytics Platform System 12 ideas
- API Apps 7 ideas
- API Management 422 ideas
- Automation 390 ideas
- Azure Active Directory 3,204 ideas
- Azure Active Directory Application Requests 213 ideas
- Azure Advisor 16 ideas
- Azure Analysis Services 137 ideas
- Azure API for FHIR 2 ideas
- Azure App Configuration 13 ideas
- Azure Backup 398 ideas
- Azure Bastion 9 ideas
- Azure Blockchain Service 2 ideas
- Azure Bot Service 58 ideas
- Azure Cloud Shell 303 ideas
- Azure Confidential Compute 3 ideas
- Azure Container Instances 91 ideas
- Azure Container Registry 56 ideas
- Azure Cosmos DB 217 ideas
- Azure CycleCloud 1 idea
- Azure Data Explorer 48 ideas
- Azure Data Share (Public Preview) 2 ideas
- Azure Database for MariaDB 7 ideas
- Azure Database for MySQL 53 ideas
- Azure Database for PostgreSQL 84 ideas
- Azure Database Migration Service 36 ideas
- Azure Databricks 55 ideas
- Azure DDoS Protection 6 ideas
- Azure Digital Twins 22 ideas
- Azure Event Grid 50 ideas
- Azure Functions 148 ideas
- Azure FXT Edge Filer 0 ideas
- Azure Governance 82 ideas
- Azure Government 76 ideas
- Azure IoT 239 ideas
- Azure IoT Central 77 ideas
- Azure IoT Device Catalog 14 ideas
- Azure IoT Edge 65 ideas
- Azure IoT Solution Accelerators 26 ideas
- Azure Key Vault 106 ideas
- Azure Kinect DK 27 ideas
- Azure Kubernetes Service (AKS) 127 ideas
- Azure Lighthouse 0 ideas
- Azure Management Groups 16 ideas
- Azure Maps 41 ideas
- Azure Marketplace 380 ideas
- Azure Media Services 209 ideas
- Azure Migrate 30 ideas
- Azure mobile app 221 ideas
- Azure Monitor 86 ideas
- Azure Monitor- Alert Management 66 ideas
- Azure Monitor-Application Insights 542 ideas
- Azure Monitor-Log Analytics 876 ideas
- Azure Pack 324 ideas
- Azure portal 1,776 ideas
- Azure Red Hat OpenShift 11 ideas
- Azure Resource Manager 415 ideas
- Azure Search 225 ideas
- Azure Security Center 176 ideas
- Azure Sentinel 18 ideas
- Azure Service Health 16 ideas
- Azure SignalR Service 7 ideas
- Azure Spatial Anchors 16 ideas
- Azure Sphere 48 ideas
- Azure Stack 145 ideas
- Azure TCO Calculator 28 ideas
- Azure Time Series Insights 6 ideas
- Batch 42 ideas
- Batch AI 8 ideas
- Biztalk Services 23 ideas
- Blockchain 40 ideas
- Cache 50 ideas
- CDN 88 ideas
- Change Tracking 7 ideas
- Cloud Services (Web and Worker Role) 283 ideas
- Cost Management 166 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 1 idea
- Data Catalog 125 ideas
- Data Factory 681 ideas
- Data Lake 334 ideas
- Data Science VM 19 ideas
- Diagnostics and Monitoring 187 ideas
- Event Hubs 17 ideas
- Global Infrastructure 41 ideas
- HDInsight 122 ideas
- Lab Services 237 ideas
- Logic Apps 1,275 ideas
- Machine Learning 60 ideas
- Mobile Engagement 19 ideas
- Networking 773 ideas
- Notification Hubs 27 ideas
- Scheduler 47 ideas
- Scripting and Command Line Tools 105 ideas
- SDK and Tools 138 ideas
- Security and Compliance 82 ideas
- Service Bus 179 ideas
- Service Fabric 276 ideas
- Signup and Billing 1,379 ideas
- Site Recovery 238 ideas
- SQL Data Sync 67 ideas
- SQL Data Warehouse 244 ideas
- SQL Database 623 ideas
- SQL Managed Instance 85 ideas
- SQL Server 9,536 ideas
- Storage 720 ideas
- StorSimple 45 ideas
- Stream Analytics 224 ideas
- Support Feedback 260 ideas
- System Center Data Protection Manager 109 ideas
- Update Management 102 ideas
- Virtual Machines 1,408 ideas
- Web Apps 354 ideas
Microsoft Azure