So, let's start at the beginning: creating the two storage accounts and the key vault, and configuring the key vault to manage the storage accounts.

Setting up storage accounts and key vault

To set up the storage accounts and have Key Vault manage them, I decided to use Azure PowerShell. If you want to execute this all in one go, you can find the script on Github. I'll walk you through the steps here.

First up, we'll set up a number of variables (the names and IDs used in the commands below).

Then we log in and create the resources, meaning the resource group, the two storage accounts and the key vault:

```powershell
# Login

New-AzResourceGroup -Name $rgname -Location $location
$stacc = New-AzStorageAccount -ResourceGroupName $rgname -Location $location -Name $staccname -SkuName Standard_LRS
$stacc2 = New-AzStorageAccount -ResourceGroupName $rgname -Location $location -Name $staccname2 -SkuName Standard_LRS
$kv = New-AzKeyVault -VaultName $kvname -ResourceGroupName $rgname -Location $location
```

Next come the permissions. First, we'll give Key Vault permission to rotate the keys in the storage accounts. Then we'll give my user account permissions in the key vault itself. (FYI: even if you are owner of a Key Vault, that doesn't give you access to the objects in the vault. The control plane (Azure API) and the data plane (Key Vault itself) are configured independently.)

```powershell
# Give KV permissions on Storage to rotate keys
Write-Output "Give KV permissions on Storage to rotate keys"
New-AzRoleAssignment -ApplicationId $keyVaultSpAppId -RoleDefinitionName 'Storage Account Key Operator Service Role' -Scope $stacc.Id
New-AzRoleAssignment -ApplicationId $keyVaultSpAppId -RoleDefinitionName 'Storage Account Key Operator Service Role' -Scope $stacc2.Id

# Give my user access to KV storage permissions
Write-Output "Give my user access to KV storage permissions"
Set-AzKeyVaultAccessPolicy -VaultName $kvname -UserPrincipalName $userId -PermissionsToStorage get, list, delete, set, update, regeneratekey, getsas, listsas, deletesas, setsas, recover, backup, restore, purge
```

When that is done, we'll need to wait a couple of seconds for the role assignments to propagate fully in Azure.
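The following script is an added example, not the post's own script from Github. It pulls the steps above together with placeholder variable values (the post's variable block was an image and is not reproduced), replaces the "wait a couple of seconds" with a check that the role assignments are actually visible before continuing, and then performs the step the post is building towards: registering the two accounts as Key Vault managed storage accounts so Key Vault regenerates the keys on a schedule. It assumes the Az.Accounts, Az.Resources, Az.Storage and Az.KeyVault modules, an interactive login, and a vault using the access-policy permission model, which is what `Set-AzKeyVaultAccessPolicy` requires; the `-DisableRbacAuthorization` switch is needed on recent Az.KeyVault versions, where RBAC is the default. The `Wait-AzRoleAssignmentVisible` function is a helper written for this example.

```powershell
# Added example (not the post's own script). Placeholder names below must be
# changed to your own; storage account and vault names are globally unique.
$rgname       = 'rg-kv-storage-demo'
$location     = 'westeurope'
$staccname    = 'stkvdemo001'                 # 3-24 lowercase alphanumerics
$staccname2   = 'stkvdemo002'
$kvname       = 'kv-storage-demo-001'
# Well-known application ID of the first-party "Azure Key Vault" service principal
$keyVaultSpAppId = 'cfa8b339-82a2-471a-a3c9-0fc0be7a4093'

# Login
Connect-AzAccount | Out-Null
$userId = (Get-AzContext).Account.Id          # UPN of the signed-in user

# Resources (vault created with the access-policy model so the policy cmdlet below works)
New-AzResourceGroup -Name $rgname -Location $location -Force | Out-Null
$stacc  = New-AzStorageAccount -ResourceGroupName $rgname -Location $location -Name $staccname  -SkuName Standard_LRS
$stacc2 = New-AzStorageAccount -ResourceGroupName $rgname -Location $location -Name $staccname2 -SkuName Standard_LRS
$kv     = New-AzKeyVault -VaultName $kvname -ResourceGroupName $rgname -Location $location -DisableRbacAuthorization

# Control plane: let the Key Vault service principal regenerate keys, scoped to
# the two storage accounts only, not to the resource group or subscription.
$role = 'Storage Account Key Operator Service Role'
foreach ($acct in @($stacc, $stacc2)) {
    New-AzRoleAssignment -ApplicationId $keyVaultSpAppId -RoleDefinitionName $role -Scope $acct.Id | Out-Null
}

# Data plane: storage permissions for my user inside the vault (owner of the
# vault resource is not enough for this).
Set-AzKeyVaultAccessPolicy -VaultName $kvname -UserPrincipalName $userId -PermissionsToStorage get, list, delete, set, update, regeneratekey, getsas, listsas, deletesas, setsas, recover, backup, restore, purge

# Role assignments propagate asynchronously; poll until they are visible
# instead of guessing a sleep duration. Helper written for this example.
function Wait-AzRoleAssignmentVisible {
    param(
        [Parameter(Mandatory)] [string] $ObjectId,
        [Parameter(Mandatory)] [string] $RoleDefinitionName,
        [Parameter(Mandatory)] [string] $Scope,
        [int] $TimeoutSeconds = 120
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $found = Get-AzRoleAssignment -ObjectId $ObjectId -RoleDefinitionName $RoleDefinitionName -Scope $Scope -ErrorAction SilentlyContinue
        if ($found) { return $true }
        Start-Sleep -Seconds 5
    } while ((Get-Date) -lt $deadline)
    return $false
}

$kvSpObjectId = (Get-AzADServicePrincipal -ApplicationId $keyVaultSpAppId).Id
foreach ($acct in @($stacc, $stacc2)) {
    if (-not (Wait-AzRoleAssignmentVisible -ObjectId $kvSpObjectId -RoleDefinitionName $role -Scope $acct.Id)) {
        throw "Role assignment for Key Vault on $($acct.StorageAccountName) did not propagate in time"
    }
}

# Hand the accounts over to Key Vault: key1 is the active key, Key Vault
# regenerates the inactive one and swaps every 30 days.
foreach ($acct in @($stacc, $stacc2)) {
    Add-AzKeyVaultManagedStorageAccount -VaultName $kvname -AccountName $acct.StorageAccountName `
        -AccountResourceId $acct.Id -ActiveKeyName 'key1' -RegenerationPeriod ([System.TimeSpan]::FromDays(30)) | Out-Null
}

# Verify what the vault now manages
Get-AzKeyVaultManagedStorageAccount -VaultName $kvname | Select-Object AccountName, ActiveKeyName, RegenerationPeriod, AutoRegenerateKey
```

Scoping the `Storage Account Key Operator Service Role` to each storage account's resource ID rather than the resource group keeps the Key Vault service principal from being able to regenerate keys on any other account you later add to that group. The propagation check matters because the `Add-AzKeyVaultManagedStorageAccount` call fails if Key Vault cannot yet regenerate the keys, and a fixed sleep hides that as an intermittent error.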