Only allow encryption access for key in Azure Key Vault with Azure RBAC enabled

Time:01-18

I have an Azure Key Vault with Azure RBAC enabled. I have a key in that vault that I use for encryption and decryption. I would like to only allow admins to use the key to decrypt data. Regular users should only be able to encrypt data using the key. Is that possible? None of the roles listed seem to do what I want.

CodePudding user response:

You could make custom roles that contain the dataActions that you want for both cases. You can find available actions here: https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftkeyvault.

You can see definitions for built-in roles here: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#key-vault-certificates-officer.

Instructions on how to make a custom role: https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
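One way to lay out the two custom roles the answer describes, as an added example that is not part of the original answer. The role names, descriptions and subscription ID are placeholders, and the `az` command appears only as a comment:

```shell
# Added example: role names and the subscription ID are placeholders.
SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"   # placeholder

# Print an Azure custom role definition whose DataActions are the given
# Microsoft.KeyVault key operations (e.g. "encrypt/action").
role_json() {
    name=$1; desc=$2; shift 2
    actions=""
    for op in "$@"; do
        actions="${actions:+$actions, }\"Microsoft.KeyVault/vaults/keys/$op\""
    done
    cat <<EOF
{
  "Name": "$name",
  "IsCustom": true,
  "Description": "$desc",
  "Actions": [],
  "NotActions": [],
  "DataActions": [$actions],
  "NotDataActions": [],
  "AssignableScopes": ["/subscriptions/$SUBSCRIPTION_ID"]
}
EOF
}

# Regular users: encrypt and wrap only. unwrap/action is left out because
# unwrapping is a decryption performed with the same key.
encrypt_only_role() {
    role_json "Key Vault Key Encrypt Only (custom)" \
        "Encrypt and wrap, no decrypt or unwrap" read encrypt/action wrap/action
}

# Admins: the decrypt side as well.
decrypt_role() {
    role_json "Key Vault Key Decrypt (custom)" "Encrypt, decrypt, wrap, unwrap" \
        read encrypt/action decrypt/action wrap/action unwrap/action
}

# Return 0 if a role definition on stdin grants decrypt or unwrap.
grants_decrypt() {
    grep -Eq 'keys/(decrypt|unwrap)/action'
}

# Review gate before creating each role in Azure with:
#   az role definition create --role-definition <file>.json
if encrypt_only_role | grants_decrypt; then
    echo "encrypt-only role grants decrypt/unwrap" >&2; exit 1
fi
```

Role assignments are additive, so a regular user who also holds a built-in role such as Key Vault Crypto User can still decrypt.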
