chandra shekhar

Reputation: 93

How to determine via commands or Terraform the status of an Azure Key Vault policy: does it have access policies or RBAC?

I want to create a condition inside a module to check if the KV has access policies or RBAC and assign permissions accordingly.

Upvotes: 0

Views: 265

Answers (1)

Gaurav Mantri

Reputation: 136196

You can check the enableRbacAuthorization property of your key vault when you get its details using az keyvault show. A value of true means data actions are authorized using Azure RBAC.

For example, this is the output for one of the key vaults in my Azure Subscription where Azure RBAC authorization is turned on for the key vault:

{
  "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rgname/providers/Microsoft.KeyVault/vaults/kvname",
  "location": "eastus2",
  "name": "kvname",
  "properties": {
    "accessPolicies": [
      {
        "applicationId": null,
        "objectId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "permissions": {
          "certificates": [
            "all"
          ],
          "keys": [
            "all"
          ],
          "secrets": [
            "all"
          ],
          "storage": [
            "all"
          ]
        },
        "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
      }
    ],
    "createMode": null,
    "enablePurgeProtection": true,
    "enableRbacAuthorization": true,
    "enableSoftDelete": true,
    "enabledForDeployment": true,
    "enabledForDiskEncryption": true,
    "enabledForTemplateDeployment": true,
    "hsmPoolResourceId": null,
    "networkAcls": null,
    "privateEndpointConnections": null,
    "provisioningState": "Succeeded",
    "publicNetworkAccess": "Enabled",
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "softDeleteRetentionInDays": 90,
    "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "vaultUri": "https://kvname.vault.azure.net/"
  },
  "resourceGroup": "rgname",
  "systemData": {
    "createdAt": "2023-06-02T05:53:35.713000+00:00",
    "createdBy": "[email protected]",
    "createdByType": "User",
    "lastModifiedAt": "2023-06-02T05:53:35.713000+00:00",
    "lastModifiedBy": "[email protected]",
    "lastModifiedByType": "User"
  },
  "tags": {},
  "type": "Microsoft.KeyVault/vaults"
}

For more details, please see this link: https://learn.microsoft.com/en-us/rest/api/keyvault/keyvault/vaults/get.

Upvotes: 0
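As an added illustration (not part of the answer above, and not Azure's or Terraform's own code), the following Python script parses the JSON that az keyvault show prints and returns whether the vault is in RBAC or access-policy mode, which is the condition the question wants to branch on. It also flags access policies that are still listed on a vault that has RBAC turned on, since those entries no longer grant anything once enableRbacAuthorization is true, and it treats a missing or null property as the legacy access-policy model. The sample JSON embedded in the script is constructed from the shape of the output shown in the answer, with placeholder ids; the Terraform resource names it suggests (azurerm_role_assignment, azurerm_key_vault_access_policy) are the standard azurerm provider resources, and the fetch_vault helper is an assumption about how you would wire this to a logged-in az CLI.

```python
"""Decide whether an Azure Key Vault uses Azure RBAC or access policies.

Added example, not code from the original answer. It inspects
``properties.enableRbacAuthorization`` in the JSON that ``az keyvault show``
prints and derives which permission model a module should provision.
"""
import json
import subprocess
from typing import Any, Dict, List

# Constructed sample, trimmed from the shape shown in the answer above.
# The x-filled ids are placeholders, not real identifiers.
SAMPLE_VAULT_JSON = """
{
  "name": "kvname",
  "properties": {
    "accessPolicies": [
      {
        "objectId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "permissions": {"secrets": ["all"], "keys": ["all"]}
      }
    ],
    "enableRbacAuthorization": true
  }
}
"""


def load_sample() -> Dict[str, Any]:
    """Parse the constructed sample so tests can run without the az CLI."""
    return json.loads(SAMPLE_VAULT_JSON)


def authorization_mode(vault: Dict[str, Any]) -> str:
    """Return 'rbac' or 'access_policy' for a vault dict from az keyvault show.

    A missing or null enableRbacAuthorization means the vault still uses the
    legacy access-policy model, so anything other than an explicit true is
    treated as access policies.
    """
    props = vault.get("properties") or {}
    return "rbac" if props.get("enableRbacAuthorization") is True else "access_policy"


def stale_access_policies(vault: Dict[str, Any]) -> List[str]:
    """Object ids of access policies that are ignored because RBAC is enabled.

    Worth surfacing in a module: leftover policies are harmless in RBAC mode
    but become live grants again if someone flips the vault back.
    """
    if authorization_mode(vault) != "rbac":
        return []
    props = vault.get("properties") or {}
    return [p.get("objectId", "") for p in (props.get("accessPolicies") or [])]


def plan_permission(vault: Dict[str, Any]) -> str:
    """Name the Terraform azurerm resource a module should create for a principal."""
    if authorization_mode(vault) == "rbac":
        return "azurerm_role_assignment"
    return "azurerm_key_vault_access_policy"


def fetch_vault(name: str, resource_group: str) -> Dict[str, Any]:
    """Assumed wiring: run az keyvault show and parse its JSON (needs az login)."""
    out = subprocess.run(
        ["az", "keyvault", "show", "--name", name,
         "--resource-group", resource_group, "--output", "json"],
        check=True, capture_output=True, text=True,
    ).stdout
    return json.loads(out)


if __name__ == "__main__":
    vault = load_sample()
    print(authorization_mode(vault))      # rbac
    print(plan_permission(vault))         # azurerm_role_assignment
    print(stale_access_policies(vault))   # the placeholder objectId above
```

In a real pipeline you would replace load_sample() with fetch_vault(name, resource_group) and feed the result of plan_permission into whatever count or for_each guard your module uses; the point of authorization_mode treating anything but an explicit true as access policies is that older vaults may return the property as null.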
