Azure Key Vault Access Policies: Adding an Application

Azure Key Vault is a centralized store for secrets and lets you control how they are distributed.

For an application to access the keys, certificates, or secrets in a Key Vault, you must create an access policy for it.

An access policy in AKV specifies the type of access and the level of permissions you want a user, group, or application to have.

[Screenshot: Access Policy location]
[Screenshot: Access Policy 2]

In this example we’ll be adding the storage account “akvintegrationsa” to the access policy of the AKV “storagess-akv”.

To add any application to the Access Policy we need either its Principal ID or its name. I prefer using the Principal ID, as we have many applications whose names follow the pattern ‘some name relevant to the resource’ + ‘number’. So, to avoid confusing myself, I prefer using the Principal ID.

We will first create a variable and store our storage account object in it. The -AssignIdentity switch enables a system-assigned managed identity on the account if it does not already have one, and returns the updated account object.

PS Azure:\> $sastorageaccount = Set-AzStorageAccount -ResourceGroupName TestingAKV -Name akvintegrationsa -AssignIdentity

Now that we have the storage account, we just need to get its Principal Id.

PS Azure:\> $sastorageaccount.Identity.PrincipalId

c43f296b-f490-42ee-9967-d5a5bdb54046 is the Principal Id for our storage account. This method can be used with any application; we just need to assign the variable the application we want to use.

Now, to add this Principal ID, we go to our AKV -> Access Policies ->
“+ Add Access Policy”. Select the permissions and then click on “Select Principal”.

[Screenshot: creating access policy]

In the Principal tab, paste the Principal Id into the “Select” text box.

[Screenshot: adding principal]

Once it is selected, click Add and we are done.

Now the storage account akvintegrationsa has access to the Azure Key Vault secrets.
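The same procedure can be done entirely from PowerShell, which is useful when you want the grant to be repeatable and reviewable. The script below is an added example, not part of the original post: it obtains the storage account’s managed-identity Principal Id as above, writes an access policy with only the secret permissions the application needs (get and list, rather than the broader permission templates the portal offers), and then reads the vault back to verify that exactly that policy exists. It assumes the Az PowerShell module is installed, Connect-AzAccount has been run with rights on the vault, and the vault uses the access-policy permission model; the resource names are the ones from this post.

```powershell
# Added example (not from the original post): grant a storage account's
# managed identity least-privilege access to a Key Vault, then verify it.
# Assumes: Az module installed, Connect-AzAccount already run.
$resourceGroup = 'TestingAKV'        # names taken from the post; adjust for your environment
$storageName   = 'akvintegrationsa'
$vaultName     = 'storagess-akv'

# Make sure the storage account has a system-assigned managed identity.
# -AssignIdentity creates one if it is missing and returns the account object.
$sa = Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $storageName
if (-not $sa.Identity -or -not $sa.Identity.PrincipalId) {
    $sa = Set-AzStorageAccount -ResourceGroupName $resourceGroup -Name $storageName -AssignIdentity
}
$principalId = $sa.Identity.PrincipalId
if (-not $principalId) { throw "No managed identity principal found for $storageName" }

# Grant only what the application needs: read secrets; nothing on keys or certificates.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName `
    -ResourceGroupName $resourceGroup `
    -ObjectId $principalId `
    -PermissionsToSecrets get,list

# Verify: read the vault back and check the policy that was written for this principal.
$vault  = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroup
$policy = $vault.AccessPolicies | Where-Object { $_.ObjectId -eq $principalId }
if (-not $policy) { throw "Access policy for $principalId was not created" }

# Flag anything beyond secret get/list so over-broad grants are noticed immediately.
$allowed = @('get', 'list')
$extra   = $policy.PermissionsToSecrets | Where-Object { $allowed -notcontains $_.ToLower() }
if ($extra -or $policy.PermissionsToKeys -or $policy.PermissionsToCertificates) {
    Write-Warning ("Policy for {0} grants more than secret get/list: keys=[{1}] certs=[{2}] extra secrets=[{3}]" -f `
        $principalId, ($policy.PermissionsToKeys -join ','), ($policy.PermissionsToCertificates -join ','), ($extra -join ','))
} else {
    Write-Output "Policy for $storageName ($principalId): secrets get/list only"
}
```

Run it once to create the policy and again to confirm it is idempotent; Set-AzKeyVaultAccessPolicy replaces the entry for that object ID rather than adding a second one. If the vault has been switched to the Azure RBAC permission model, access policies are ignored and the grant must instead be a role assignment such as Key Vault Secrets User.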