Create Azure Key Vault credentials with the following permissions.
Scope | Permission | Description |
|---|---|---|
Certificate | get | Required to retrieve certificate details and PEM-encoded certificate bodies. Without this permission, the plugin can list certificates but cannot retrieve their data. |
list | Required to enumerate all certificates in the vault. Without this permission, the plugin cannot discover certificates. | |
Key | get | Required to retrieve key details and public key data for asymmetric keys. Without this permission, the plugin can list keys but cannot retrieve public keys or metadata. |
list | Required to enumerate all keys in the vault. Without this permission, the plugin cannot discover keys. | |
Secret | get | Required to retrieve secret metadata. The plugin does not retrieve secret values; however, this permission is needed for metadata access. Without this permission, the plugin can list secrets but cannot retrieve metadata. |
list | Required to enumerate all secrets in the vault. Without this permission, the plugin cannot discover secrets. |
The following credential creation modes are supported: