HomeAzure ARM Template: “ObjectID” with Azure Key vault policy assignment

Azure ARM Template: “ObjectID” with Azure Key vault policy assignment

February 12, 2019February 12, 2019 Samir Farhat Azure, Microsoft Azure, UncategorizedAzure Resource Manager, Key vault, Templates

Hi all,

When you author ARM Templates, and you are deploying a Key Vault and setting the Access Policies via the template, be careful about the content of the objectID.

  "accessPolicies" : [                    {                        "tenantId": "xxxxx-30d9-xxxxx-8015-ddddddd",                        "objectId": "rrrrr-tttt-rrrr-rrrr-tttttt",                        "permissions": {
               "keys": ["all"],
               "secrets": ["all"] 
                }
                    },

If you are assigning the policy to a user account, use the objectId value found on Azure AD:

If you are assigning the policy to a Service Principal, use the ObjectID of the Application that you can get from the Enterprise Application blade, and not the App Registration blade.

Good

Wrong

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

buildwindows

A way to share my knowledge with the community

Azure ARM Template: “ObjectID” with Azure Key vault policy assignment

Leave a Reply Cancel reply

Share this:

Like this:

Related

Leave a Reply Cancel reply