Backport of secrets/azure: update minimal permissions recommendation into release/1.14.x (#21917)

* no-op commit due to failed cherry-picking

* secrets/azure: update minimal permissions recommendation (#21897)

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
hc-github-team-secure-vault-core 2023-07-18 15:18:53 -04:00 committed by GitHub
parent 17a6700f6c
commit 299f33d016
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 2 deletions

@ -226,12 +226,23 @@ in the configuration or environment variables.
### MS Graph API Permissions
The following MS Graph [API permissions](https://learn.microsoft.com/en-us/azure/active-directory/develop/permissions-consent-overview#types-of-permissions)
must be assigned to the service principal provided to Vault for managing Azure:
must be assigned to the service principal provided to Vault for managing Azure. The permissions
differ depending on if you're using [dynamic or existing](#choosing-between-dynamic-or-existing-service-principals)
service principals.
#### Dynamic Service Principals
| Permission Name | Type |
| ----------------------------- | ----------- |
| Application.ReadWrite.OwnedBy | Application |
| GroupMember.ReadWrite.All | Application |
#### Existing Service Principals
| Permission Name | Type |
| ----------------------------- | ----------- |
| Application.ReadWrite.All | Application |
| Group.ReadWrite.All | Application |
| GroupMember.ReadWrite.All | Application |
### Role Assignments
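
Review bot: The "Existing Service Principals" table gives no reason for moving from Application.ReadWrite.OwnedBy to Application.ReadWrite.All, or for listing Group.ReadWrite.All alongside GroupMember.ReadWrite.All, which matters for a change titled as a minimal permissions recommendation. Suggest one sentence under each heading saying which Vault operation needs each permission, so an operator can tell whether Group.ReadWrite.All is required in addition to GroupMember.ReadWrite.All or only in some configurations. Minor wording in the new intro text: "depending on if you're using" reads better as "depending on whether you use".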