Merge pull request microsoft#2879 from nabeelmsft/contosomotorswork

Addressing issue# 2875, added access policies for the keyvault
chintalavr · Dec 12, 2024 · e3e1212 · e3e1212
2 parents e96af90 + 225b8cb
commit e3e1212
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/azure_jumpstart_ag/contoso_motors/bicep/data/keyVault.bicep b/azure_jumpstart_ag/contoso_motors/bicep/data/keyVault.bicep
@@ -24,6 +24,9 @@ param resourceTags object = {
   Project: 'Jumpstart_azure_aio'
 }
 
+@description('Azure service principal object id')
+param spnObjectId string
+
 resource akv 'Microsoft.KeyVault/vaults@2023-02-01' = {
   name: akvNameSite1
   location: location
@@ -33,7 +36,15 @@ resource akv 'Microsoft.KeyVault/vaults@2023-02-01' = {
       name: akvSku
       family: 'A'
     }
-    accessPolicies: []
+    accessPolicies: [
+      {
+      tenantId: tenantId
+      objectId: spnObjectId
+      permissions: {
+        secrets: ['get', 'list']
+      }
+    }
+  ]
     enableSoftDelete: false
     tenantId: tenantId
   }

diff --git a/azure_jumpstart_ag/contoso_motors/bicep/main.bicep b/azure_jumpstart_ag/contoso_motors/bicep/main.bicep
@@ -187,6 +187,7 @@ module keyVault 'data/keyVault.bicep' = {
     akvNameSite1: akvNameSite1
     akvNameSite2: akvNameSite2
     location: location
+    spnObjectId: spnObjectId
   }
 }