Define Policy on Azure KeyVault Key using KeyVaultClient

Question

I need help to define policy to Azure KeyVault Key (not secret) similar to code below. Since we already have the keyvault created I cant use below code.

What we are doing: We are creating Key and attaching the URL to SQL PAAS for TDE SQL Server TDE with Azure KeyVault

Below is the example of creating vault and setting up policy

var vault = azure.Vaults.Define(vaultName)
                    .WithRegion(Region.USSouthCentral)
                    .WithExistingResourceGroup(rgName)
                    .DefineAccessPolicy()
                        .ForObjectId(sqlServer.SystemAssignedManagedServiceIdentityPrincipalId)
                        .AllowKeyPermissions(KeyPermissions.WrapKey, KeyPermissions.UnwrapKey, KeyPermissions.Get, KeyPermissions.List)
                        .Attach()
                    .DefineAccessPolicy()
                        .ForServicePrincipal(Azure_SP_ClientId)
                        .AllowKeyAllPermissions()
                        .Attach()
                    .Create();

Answer 1

According to my test, if you want to define a new policy for an existing key vault and manage sql key in Key Vault, please refer to the following code

 var vault1 = azure.Vaults.GetByResourceGroup();
              var  vault1 = vault1.Update()
                        .DefineAccessPolicy()
                            .ForServicePrincipal("your application id")
                            .AllowKeyAllPermissions()
                            .Attach()
                        .Apply();
           var key = vault1.Keys.Define(keyname)
                  .WithKeyTypeToCreate(JsonWebKeyType.RSA)
                  .WithKeyOperations(JsonWebKeyOperation.ALL_OPERATIONS)
                  .Create();
            var sql =azure.SqlServers.GetByResourceGroup(groupName, name);

            SqlServerKey sqlServerKey= sql.ServerKeys.Define().WithAzureKeyVaultKey(key.JsonWebKey.Kid)
                 .Create();