Azure Key Vault Access Policies: Adding an Application

Azure Key Vault is a centralized storage for secrets and allows the control of its distribution.

For an application to use and access the Keys/Certificates/Secrets from a Key Vault you must have to create the access policy for it.

Access Policies in AKV is basically providing the type of access and level of permissions you want a user/group or an application to have.

Access Policy location
Access Policy 2

In this example we’ll be adding storage account “akvintegrationsa” in the access policy for AKV “storagess-akv”.

For adding any application into the Access Policy we either need its Principal ID or name. I prefer using PrincipalID as we have many applications having nomenclature of ‘some name relevant to resource’ + ‘number’. So to avoid confusion for myself I prefer using Principal ID.

We will first create a variable and store our storage account as an object into it.

PS Azure:\> $sastorageaccount = Set-AzStorageAccount -ResourceGroupName TestingAKV -Name akvintegrationsa -AssignIdentity

Now once we have the storage account we just to get the Principal Id for it.

PS Azure:\> $sastorageaccount.Identity.PrincipalId
c43f296b-f490-42ee-9967-d5a5bdb54046

c43f296b-f490-42ee-9967-d5a5bdb54046 is the Principal Id for our storage account. This method can be used with any application we just need to assign the variable with the application we want to use.

Now to add this PrincipalID we have to goto our AKV -> Access Policy ->
“+ Add Access Policy”. Select the permissions and than click on “Select Principal”.

creating access policy

In the Principal tab paste the Principal Id in the “Select” text box.

Adding principal

Once selected click Add and we are done.

final

Now Storage Account akvintegrationsa has access to Azure Key Vault secrets.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s