https://www.kallemarjokorpi.fi/blog/assigning-access-policies-to-keyvault-with-bicep.html

[kalleantero]

Blog by Kalle Marjokorpi

This blog is concentrated to Microsoft and cloud technology, coding and architecture. Solutions, tips and knowledge from a developer to developer.

https://www.kallemarjokorpi.fi/blog/assigning-access-policies-to-keyvault-with-bicep.html

[kalleantero]

Migrated from Cusdis. Written by jason at 2022-02-18 09:57.

Did this actually work for you? It builds fine but it doesn't set the access policies properly either.

[kalleantero]

Migrated from Cusdis. Written by jason at 2022-02-18 09:57.

Did this actually work for you? It builds fine but it doesn't set the access policies properly either.

Migrated from Cusdis. Written by Kalle Marjokorpi at 2022-04-20 14:16.

Hi Jason, yes it worked. We are currently using this kind of setup in the production.

[kalleantero]

Migrated from Cusdis. Written by donny at 2022-07-29 23:06.

I tried this, but got the error: { "status": "Failed", "error": { "code": "BadRequest", "message": "An invalid value was provided for 'accessPolicies[0].Permissions.screts'." } }

[kalleantero]

Migrated from Cusdis. Written by Aaron K at 2023-03-21 13:58.

Thanks for this - it works perfectly! Much appreciated.

[shivanaru]

Could we not do this in your keyvaultpolicy.bicep file, as well?

resource funcAppKeyVaultPermissions 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { name: 'add' parent: keyVault properties: { accessPolicies: [ { tenantId: subscription().tenantId objectId: functionAppPrincipalId permissions: { secrets: [ 'get' ] } } ] } }

[kalleantero]

Could we not do this in your keyvaultpolicy.bicep file, as well?

Yes, you can assign KeyVault access policies also like you showed.