Exploring Azure KeyVault RBAC vs Access Policies Permission Model

Azure KeyVault is a secret and key management service that allows you to store and manage sensitive information such as passwords, keys, and certificates. Azure KeyVault helps you control your applications' secrets by keeping them in a single, central location and by providing secure access, permissions control, and access logging capabilities.

The KeyVault offer two types of permission models, RBAC and Access Policies. RBAC is role-based access control, which is used to manage access to Azure resources. Access Policies are used to manage access to KeyVault secrets and keys. While the access policies are used to manage access to KeyVault secrets and keys, RBAC is used to manage access to KeyVault itself simplifying the management of access to KeyVault secrets and keys.

In this hands-on lab, you will understand various permission models in Azure KeyVault and create access policies for Azure KeyVault. You will also understand RBAC roles for Azure KeyVault and create secrets using RBAC and Access Policies in Azure KeyVault.

Learning objectives

Upon completion of this intermediate-level lab, you will be able to:

• Understand various permission models in Azure KeyVault
• Create access policies for Azure KeyVault
• Understand RBAC roles for Azure KeyVault
• Create secrets using RBAC and Access Policies in Azure KeyVault

Intended audience

• Candidates for Azure Administrator Associate certification (AZ-104)
• Cloud Architects
• Data Engineers
• DevOps Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

• Azure KeyVault

The following content can be used to fulfill the prerequisites:

• Azure Key Vault and Disk Encryption