Document Azure Key Vault permissions support (#214)

otterize · Mar 26, 2024 · dcca9e7 · dcca9e7
1 parent 45424ff
commit dcca9e7
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/docs/features/azure-iam/index.mdx b/docs/features/azure-iam/index.mdx
@@ -52,6 +52,19 @@ spec:
       type: azure
       azureRoles:
         - "Storage Blob Data Contributor"
+    - name: "/providers/Microsoft.KeyVault/vaults/otterizetutorialazureiamkeyvault"
+      type: azure
+      # Optional - Grant Azure Key Vault data plane access by using Key Vault access policy
+      azureKeyVaultPolicy:
+        certificatePermissions:
+          - "all"
+        keyPermissions:
+          - "all"
+        secretPermissions:
+          - "all"
+        storagePermissions:
+          - "get"
+          - "list"
 ```
 
 ### Automatically generating ClientIntents for Azure IAM

diff --git a/docs/features/azure-iam/reference.mdx b/docs/features/azure-iam/reference.mdx
@@ -21,6 +21,19 @@ spec:
       # one or more Azure roles that will be provided to the specified resources
       azureRoles:
         - "Storage Blob Data Contributor"
+    - name: "/providers/Microsoft.KeyVault/vaults/otterizetutorialazureiamkeyvault"
+      type: azure
+      # Optional - Grant Azure Key Vault data plane access by using Key Vault access policy
+      azureKeyVaultPolicy:
+        certificatePermissions:
+          - "all"
+        keyPermissions:
+          - "all"
+        secretPermissions:
+          - "all"
+        storagePermissions:
+          - "get"
+          - "list"
 ```
 
 ### Annotations