Forum Discussion
RajnishGarg
Jun 17, 2023 Copper Contributor
Azure Policy Guardrail
Hi All, I have the following requirement to set the guardrails for the secrets stored in the AKV. Environment 1. I have 100s of Azure Subscriptions and in each subs, there are 1-2 AKV configured ...
Chandrasekhar_Arya
Jun 19, 2023 Iron Contributor
Yes, I guess you need to evaluate Azure Key Vault RBAC roles. Specifically, you can assign 1-2 folks to create and manage the keys, including the vault, and the rest become Key Vault users who just read the keys.
If they are spread across subscriptions, it is recommended to use a key vault either per subscription or per environment (Prod, Dev, etc.). This way, if the vault or keys get compromised, you have a minimal blast radius to control.
https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli
Refer to the URL below:
https://learn.microsoft.com/en-us/azure/key-vault/general/best-practices
Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.
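One way to check the split described in the reply above (a couple of managers per vault, everyone else read-only), as an added example that is not part of the original thread: it audits role assignments shaped like the output of `az role assignment list --all -o json` and flags vaults with more than two principals holding a managing role, including roles inherited from a parent scope. The subscription ID, vault names and principals are constructed placeholders, and the threshold of 2 is taken from the reply's "1-2 folks".

```python
# Built-in Azure roles that can manage a vault or write its keys, secrets
# or certificates. Read-only roles (e.g. "Key Vault Secrets User") are excluded.
MANAGE_ROLES = {
    "Owner", "Contributor", "Key Vault Contributor", "Key Vault Administrator",
    "Key Vault Secrets Officer", "Key Vault Crypto Officer",
    "Key Vault Certificates Officer",
}
MAX_MANAGERS = 2  # assumption: the "1-2 folks" limit from the reply

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG = SUB + "/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/"
KV_PROD, KV_DEV = RG + "kv-prod", RG + "kv-dev"  # constructed vault names

# Constructed sample rows: (principalName, roleDefinitionName, scope).
_ROWS = [
    ("alice@example.com", "Key Vault Administrator", KV_PROD),
    ("bob@example.com", "Key Vault Secrets Officer", KV_PROD),
    ("carol@example.com", "Contributor", SUB),  # inherited by every vault
    ("dave@example.com", "Key Vault Secrets User", KV_PROD),
    ("alice@example.com", "Key Vault Secrets Officer", KV_DEV),
    ("erin@example.com", "Key Vault Secrets User", KV_DEV),
]
KEYS = ("principalName", "roleDefinitionName", "scope")
SAMPLE = [dict(zip(KEYS, row)) for row in _ROWS]


def applies_to(scope, vault_id):
    """True if the assignment scope is the vault itself or one of its parents."""
    prefix = scope.rstrip("/").lower() + "/"
    return (vault_id.lower() + "/").startswith(prefix)


def audit(vault_ids, assignments, max_managers=MAX_MANAGERS):
    """Return {vault_id: [principals]} for vaults with too many managers."""
    findings = {}
    for vault in vault_ids:
        managers = {
            a["principalName"] for a in assignments
            if a["roleDefinitionName"] in MANAGE_ROLES
            and applies_to(a["scope"], vault)
        }
        if len(managers) > max_managers:
            findings[vault] = sorted(managers)
    return findings


if __name__ == "__main__":
    for vault, who in audit([KV_PROD, KV_DEV], SAMPLE).items():
        print(f"{vault}: {len(who)} managing principals: {', '.join(who)}")
```

In the sample, `kv-prod` is flagged because the subscription-level Contributor counts as a third manager, while `kv-dev` stays within the limit.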