Skip to content

Update key-vault-secret-create template to use RBAC instead of access policies#14705

Merged
alex-frankel merged 5 commits intoAzure:masterfrom
msmbaldwin:akv-key-vault-secret-create
May 6, 2026
Merged

Update key-vault-secret-create template to use RBAC instead of access policies#14705
alex-frankel merged 5 commits intoAzure:masterfrom
msmbaldwin:akv-key-vault-secret-create

Conversation

@msmbaldwin
Copy link
Copy Markdown
Contributor

@msmbaldwin msmbaldwin commented Apr 10, 2026

Updates the key-vault-secret-create template to use Azure RBAC authorization instead of legacy access policies.

Changes

  • Removed accessPolicies array and parameters (objectId, keysPermissions, secretsPermissions)
  • Added enableRbacAuthorization: true, enableSoftDelete, softDeleteRetentionInDays
  • Updated API version from 2021-04-01-preview2023-07-01
  • Updated metadata, README, parameter files

Part of a series to modernize Key Vault quickstart templates to RBAC.

@msmbaldwin
Update key-vault-secret-create template to use RBAC instead of access…
0830726 
… policies

- Remove accessPolicies array and related parameters (objectId, keysPermissions, secretsPermissions)
- Add enableRbacAuthorization: true, enableSoftDelete, softDeleteRetentionInDays
- Update API version to 2023-07-01
- Update metadata, README, and parameter files
- Add testResult to metadata.json (new CI requirement)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@azure-quickstarts azure-quickstarts added remove azuredeploy.json bicep sample, remove json from PR metadata violations metadata violations during PR labels Apr 10, 2026
@msmbaldwin
Remove azuredeploy.json (auto-generated from bicep) and testResult fr…
36b80a2 
…om metadata

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@azure-quickstarts azure-quickstarts removed remove azuredeploy.json bicep sample, remove json from PR metadata violations metadata violations during PR labels Apr 10, 2026
@msmbaldwin msmbaldwin mentioned this pull request Apr 10, 2026
Merged
@msmbaldwin
Add testResult to metadata.json
ab1942f 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@azure-quickstarts azure-quickstarts added the metadata violations metadata violations during PR label Apr 24, 2026
@azure-quickstarts azure-quickstarts removed the metadata violations metadata violations during PR label May 1, 2026
@msmbaldwin
Copy link
Copy Markdown
Contributor Author

msmbaldwin commented May 1, 2026

#sign-off

MAC is green. The red "Validate" check is the known testResult schema conflict — Validate requires the field, the MAC schema rejects it. Same situation under which #14717 and #14719 were recently merged.

@msmbaldwin
Retrigger CI
29ecffe 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
alex-frankel
alex-frankel approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@alex-frankel alex-frankel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Old-rules compliant; AzQuickStarts-MAC passed. Modernizes key-vault-secret-create: drops legacy JSON, switches from access policies to RBAC (+8/-191).

@alex-frankel alex-frankel merged commit 8cffda6 into Azure:master May 6, 2026
3 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alex-frankel alex-frankel alex-frankel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@msmbaldwin @alex-frankel @azure-quickstarts