Unit 7: Configure Azure Key Vault Access

Two Access Models

Azure Key Vault supports:

• Access policies.
• Azure RBAC.

Access policies provide very granular control but are harder to scale. Azure RBAC provides centralized management and is preferred for larger environments.

Using Access Policies

Access policies define:

• Who can access secrets, keys, or certificates.
• Which operations are allowed.

There is a limit of 1,024 access policies per vault, so assigning policies to groups is strongly recommended.

Using Azure RBAC with Key Vault

When RBAC is enabled:

• Permissions are managed through IAM.
• Built-in Key Vault roles are used.
• Access can be scoped consistently.

Microsoft recommends using one Key Vault per application per environment.