
Set-KeyVaultAccessPolicy

Azure: Sets a Key Vault access policy

param(
	[Parameter(Mandatory = $true)]
	[string]$VaultName,

	[Parameter(Mandatory = $true)]
	[string]$UserPrincipalName,

	[Parameter(Mandatory = $false)]
	[string[]]$PermissionsToKeys,

	[Parameter(Mandatory = $false)]
	[string[]]$PermissionsToSecrets,

	[Parameter(Mandatory = $false)]
	[string[]]$PermissionsToCertificates
)

try {
	Import-Module Az.KeyVault -ErrorAction Stop

	[hashtable]$cmdArgs = @{ 'VaultName' = $VaultName; 'UserPrincipalName' = $UserPrincipalName; 'ErrorAction' = 'Stop' }
	if ($PermissionsToKeys) { $cmdArgs.Add('PermissionsToKeys', $PermissionsToKeys) }
	if ($PermissionsToSecrets) { $cmdArgs.Add('PermissionsToSecrets', $PermissionsToSecrets) }
	if ($PermissionsToCertificates) { $cmdArgs.Add('PermissionsToCertificates', $PermissionsToCertificates) }

	Set-AzKeyVaultAccessPolicy @cmdArgs | Out-Null
	Write-Output "Successfully set access policy for '$UserPrincipalName' on vault '$VaultName'."
} catch {
	Write-Error $_
	exit 1
}

VaultName: The name of the Key Vault.

UserPrincipalName: The user principal name (UPN) to grant access.

PermissionsToKeys: Array of key permissions (e.g. get, list, set, delete).

PermissionsToSecrets: Array of secret permissions (e.g. get, list, set, delete).

PermissionsToCertificates: Array of certificate permissions (e.g. get, list, delete).
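
The permission arrays above are passed to Set-AzKeyVaultAccessPolicy unchanged, so a broad grant goes through as typed. The following pre-flight review is an added example, not part of the original script: Test-KeyVaultPermissionRequest is a hypothetical helper, and its default high-impact list is an assumption to adapt to local policy.

```powershell
# Added example (not from the original script): review the requested
# permissions before they are handed to Set-AzKeyVaultAccessPolicy.
function Test-KeyVaultPermissionRequest {
    param(
        [string[]]$PermissionsToKeys = @(),
        [string[]]$PermissionsToSecrets = @(),
        [string[]]$PermissionsToCertificates = @(),
        # Assumption: permissions this team wants a second reviewer for.
        [string[]]$HighImpact = @('all', 'purge', 'delete', 'backup', 'restore', 'recover')
    )

    $requested = [ordered]@{
        Keys         = $PermissionsToKeys
        Secrets      = $PermissionsToSecrets
        Certificates = $PermissionsToCertificates
    }
    $findings = [System.Collections.Generic.List[object]]::new()
    $total = 0

    foreach ($scope in $requested.Keys) {
        # Normalise case and whitespace, drop empty entries and duplicates.
        $perms = @($requested[$scope] | Where-Object { $_ } |
            ForEach-Object { $_.Trim().ToLowerInvariant() } | Select-Object -Unique)
        $total += $perms.Count

        foreach ($perm in $perms) {
            if ($perm -in $HighImpact) {
                $findings.Add([pscustomobject]@{
                    Scope = $scope; Permission = $perm; Reason = 'high-impact permission'
                })
            }
        }
    }

    if ($total -eq 0) {
        $findings.Add([pscustomobject]@{
            Scope = 'All'; Permission = '(none)'; Reason = 'no permissions requested'
        })
    }
    $findings
}

# Constructed sample request: read access to secrets plus a broad key grant.
$review = @(Test-KeyVaultPermissionRequest -PermissionsToSecrets 'Get', 'list' -PermissionsToKeys 'all')
$review | Format-Table -AutoSize
if ($review.Count -gt 0) { Write-Warning "$($review.Count) finding(s); review before applying the policy." }
```

For the constructed request, the review returns a single finding for the `all` key permission; the `get` and `list` secret permissions pass without comment.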
