2020-05-06

In recent years, Azure has become the common go-to platform for developing and hosting enterprise applications of all sizes, and a commonly used way to extend or implement custom O365 functionality such as site provisioning or custom governance applications. Azure KeyVault is one of the most heavily used services across all types of business solution for storing secrets, certificates, keys, etc.

Recently, I was involved in implementing various applications for a client where we had to keep secret data such as SQL connection strings, access tokens, instrument keys, etc. in a single KeyVault. Here we will quickly see how to set up the access policies in the KeyVault for multiple service principals registered in the tenant using an ARM template.

KeyVault Template - Multiple ServicePrincipal with fixed permission.

KeyVault Template - Multiple ServicePrincipal with variable permission.

The template below takes an array of service principal object IDs, each with its permissions as JSON, and sets the access policies accordingly.


Template parameters: The parameter values can be passed as below using PowerShell, the CLI, or Azure DevOps tasks.

-keyVaultName "kv-cb-set-accesspolicies" -keyVaultLocation "UK South" -servicePrincipalObjects [{"Id":"aaaxxxxxxxxxxxx-c35b00c6e6e1", "Permissions":{"keys": [],"secrets": ["Get","List"],"certificates":[]}}]
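
An added example, not the original post's template: a minimal ARM template that consumes the keyVaultName, keyVaultLocation and servicePrincipalObjects parameters shown above and expands the array into one access policy per service principal with a property copy loop. The API version, SKU and the use of subscription().tenantId are assumptions.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "comments": "Added example, not the original post's template. apiVersion, sku and tenantId source are assumptions."
  },
  "parameters": {
    "keyVaultName": { "type": "string" },
    "keyVaultLocation": { "type": "string" },
    "servicePrincipalObjects": {
      "type": "array",
      "metadata": {
        "description": "Array of { Id, Permissions: { keys, secrets, certificates } }, one entry per service principal."
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2019-09-01",
      "name": "[parameters('keyVaultName')]",
      "location": "[parameters('keyVaultLocation')]",
      "properties": {
        "tenantId": "[subscription().tenantId]",
        "sku": { "family": "A", "name": "standard" },
        "copy": [
          {
            "name": "accessPolicies",
            "count": "[length(parameters('servicePrincipalObjects'))]",
            "input": {
              "tenantId": "[subscription().tenantId]",
              "objectId": "[parameters('servicePrincipalObjects')[copyIndex('accessPolicies')].Id]",
              "permissions": "[parameters('servicePrincipalObjects')[copyIndex('accessPolicies')].Permissions]"
            }
          }
        ]
      }
    }
  ]
}
```

Because the policies are declared on the vault resource itself, redeploying replaces the vault's whole access policy list with the array passed in, so include every principal that still needs access. Keep each Permissions entry to the minimum the application needs, as in the Get/List secrets sample above.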


About the author 

Balamurugan Kailasam
