Do you have an idea or a suggestion for Azure Key Vault based on your experience?

← Azure Key Vault

ARM Template for KeyVault to have AccessPolicies non-mandatory

Hi,
It would be better for idempotency and the ability to create Keyvault first, with additional incrementally run ARM templates to have AccessPolicies as non-mandatory.

It is already possible to incrementally add AccessPolicies once you have a KeyVault, but it is not possible to create or update a Keyvault via ARM without specifying the AccessPolicies... which is a problem for update - you need to know all the existing AccessPolicies before you do the update or it will get reverted to whatever you specify.

44 votes

Sign in

(thinking…)

Sign in with:

oidc

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

Dan Byrne shared this idea · May 31, 2018 · Flag idea as inappropriate… · Admin →

7 comments

Add a comment…

Sign in

(thinking…)

Sign in with:

oidc

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

Anonymous commented · March 22, 2019 12:22 PM · Flag as inappropriate

Support
Chris Neale commented · March 22, 2019 12:19 PM · Flag as inappropriate

Support
Salford commented · March 6, 2019 8:37 PM · Flag as inappropriate

Support this suggestion vehemently!
Henry commented · January 29, 2019 5:02 AM · Flag as inappropriate

Totally agree
Filip Scherwin Lindboe commented · January 10, 2019 2:20 AM · Flag as inappropriate

I agree. I have a fully automated deployment using Azure DevOps. Here i have some access policies that needs to be assigned more dynamically according to context, so i am setting these through a script. Other access policies are static and is set using ARM template. But the fact that the access policies are being overwritten when deploying the ARM template has caused me some grief.
Toby Meyer commented · December 22, 2018 10:31 PM · Flag as inappropriate

This breaks incremental deployments in a fundamental way. I use other deployment actions to manipulate KV permissions programmatically & this makes it substantially more complex.
Anonymous commented · November 11, 2018 7:49 AM · Flag as inappropriate

Agreed.

Azure Key Vault: Other

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 3,521 ideas
- Additional Services 251 ideas
- Analytics Platform System 11 ideas
- API Apps 5 ideas
- API Management 402 ideas
- Application Insights 523 ideas
- Automation 410 ideas
- Azure Active Directory 2,970 ideas
- Azure Active Directory Application Requests 206 ideas
- Azure Advisor 13 ideas
- Azure Alert Management 61 ideas
- Azure Analysis Services 126 ideas
- Azure API for FHIR 0 ideas
- Azure App Configuration 7 ideas
- Azure Backup 384 ideas
- Azure Blockchain Service 0 ideas
- Azure Bot Service 55 ideas
- Azure Cloud Shell 264 ideas
- Azure Confidential Compute 1 idea
- Azure Container Instances 80 ideas
- Azure Container Registry 51 ideas
- Azure Cosmos DB 257 ideas
- Azure CycleCloud 1 idea
- Azure Data Explorer 37 ideas
- Azure Database for MariaDB 8 ideas
- Azure Database for MySQL 52 ideas
- Azure Database for PostgreSQL 83 ideas
- Azure Database Migration Service 31 ideas
- Azure Databricks 47 ideas
- Azure DDoS Protection 6 ideas
- Azure Digital Twins 18 ideas
- Azure Event Grid 43 ideas
- Azure Functions 135 ideas
- Azure Governance 66 ideas
- Azure Government 71 ideas
- Azure IoT 229 ideas
- Azure IoT Central 68 ideas
- Azure IoT Device Catalog 9 ideas
- Azure IoT Edge 56 ideas
- Azure IoT Solution Accelerators 23 ideas
- Azure Key Vault 95 ideas
- Azure Kinect DK 6 ideas
- Azure Kubernetes Service (AKS) 108 ideas
- Azure Management Groups 13 ideas
- Azure Maps 35 ideas
- Azure Marketplace 374 ideas
- Azure Media Services 216 ideas
- Azure Migrate 28 ideas
- Azure mobile app 209 ideas
- Azure Monitor 73 ideas
- Azure Pack 313 ideas
- Azure portal 1,765 ideas
- Azure Red Hat OpenShift 1 idea
- Azure Resource Manager 386 ideas
- Azure Search 215 ideas
- Azure Security Center 162 ideas
- Azure Sentinel 15 ideas
- Azure Service Health 14 ideas
- Azure SignalR Service 7 ideas
- Azure Spatial Anchors 12 ideas
- Azure Sphere 43 ideas
- Azure Stack 141 ideas
- Azure TCO Calculator 28 ideas
- Azure Time Series Insights 5 ideas
- Batch 40 ideas
- Batch AI 8 ideas
- Biztalk Services 23 ideas
- Blockchain 39 ideas
- Cache 47 ideas
- CDN 83 ideas
- Cloud Services (Web and Worker Role) 277 ideas
- Cost Management 162 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 1 idea
- Data Catalog 119 ideas
- Data Factory 661 ideas
- Data Lake 333 ideas
- Data Science VM 18 ideas
- Diagnostics and Monitoring 183 ideas
- Event Hubs 16 ideas
- Global Infrastructure 35 ideas
- HDInsight 120 ideas
- Lab Services 223 ideas
- Log Analytics 862 ideas
- Logic Apps 1,226 ideas
- Machine Learning 45 ideas
- Mobile Engagement 19 ideas
- Networking 705 ideas
- Notification Hubs 27 ideas
- Scheduler 47 ideas
- Scripting and Command Line Tools 102 ideas
- SDK and Tools 137 ideas
- Security and Compliance 78 ideas
- Service Bus 175 ideas
- Service Fabric 272 ideas
- Signup and Billing 1,269 ideas
- Site Recovery 220 ideas
- SQL Data Sync 67 ideas
- SQL Data Warehouse 233 ideas
- SQL Database 582 ideas
- SQL Managed Instance 69 ideas
- SQL Server 9,298 ideas
- Storage 678 ideas
- StorSimple 45 ideas
- Stream Analytics 225 ideas
- Support Feedback 251 ideas
- System Center Data Protection Manager 105 ideas
- Update Management 111 ideas
- Virtual Machines 1,395 ideas
- Web Apps 330 ideas
Microsoft Azure