MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

RBAC support #108377

Closed sidprasher closed 1 year ago

sidprasher commented 1 year ago


Can you please clarify in the documentation if the use of AKV RBAC with Batch accounts is supported?


RamanathanChinnappan-MSFT commented 1 year ago

@sidprasher

Thanks for your feedback! We will investigate and update as appropriate.

AjayBathini-MSFT commented 1 year ago

@sidprasher

Yes, according to the documentation, the use of Azure Key Vault RBAC (Role-Based Access Control) with Batch accounts is supported.

The documentation you referenced, which describes how to use Customer Managed Keys with Azure Batch, states that you can use either Key Vault Access Policies or Key Vault RBAC to grant the Batch service permission to access your Azure Key Vault.

In particular, the documentation notes that "using Azure Key Vault RBAC is recommended for granting Batch access to your key vaults, as it offers more granular permissions control." The documentation then goes on to provide step-by-step instructions for setting up Key Vault RBAC to allow Batch to access your keys.

So, in summary, the use of Azure Key Vault RBAC with Batch accounts is supported and recommended for granting permission to access your Azure Key Vault.

Using Customer Managed Keys with Azure Batch: https://docs.microsoft.com/en-us/azure/batch/batch-customer-managed-keys

Granting Batch access to Azure Key Vault using Azure Key Vault RBAC: https://docs.microsoft.com/en-us/azure/batch/batch-customer-managed-keys#grant-batch-access-to-your-key-vault-using-azure-key-vault-rbac

sidprasher commented 1 year ago

Thanks, although I cannot find the text that you quote ("using Azure Key Vault RBAC is recommended for granting Batch access to your key vaults, as it offers more granular permissions control.") in the page (https://learn.microsoft.com/en-us/azure/batch/batch-customer-managed-key).

The URLs you share result in a 404 for me - so maybe these are not yet published or have a typo (extra 's' in keys perhaps? in which case the quoted text is missing).

AjayBathini-MSFT commented 1 year ago

@sidprasher https://learn.microsoft.com/en-us/azure/batch/batch-customer-managed-key

The use of Azure Key Vault RBAC with Batch accounts is supported and documented on the Azure Batch documentation website. In the "Grant your Batch account permissions to use your key vault" section of the article "Configure customer-managed keys for your Azure Batch account with Azure Key Vault and Managed Identity", it explains how to use Azure Key Vault RBAC to grant permissions to your Batch account by creating a service principal for your Batch account and assigning it the appropriate role for your Key Vault.