diff --git a/docs/features/azure-iam/index.mdx b/docs/features/azure-iam/index.mdx
index 57c38d971..21dfd20a3 100644
--- a/docs/features/azure-iam/index.mdx
+++ b/docs/features/azure-iam/index.mdx
@@ -52,6 +52,19 @@ spec:
 type: azure
 azureRoles:
 - "Storage Blob Data Contributor"
+ - name: "/providers/Microsoft.KeyVault/vaults/otterizetutorialazureiamkeyvault"
+ type: azure
+ # Optional - Grant Azure Key Vault data plane access by using Key Vault access policy
+ azureKeyVaultPolicy:
+ certificatePermissions:
+ - "all"
+ keyPermissions:
+ - "all"
+ secretPermissions:
+ - "all"
+ storagePermissions:
+ - "get"
+ - "list"
 ```

 ### Automatically generating ClientIntents for Azure IAM
diff --git a/docs/features/azure-iam/reference.mdx b/docs/features/azure-iam/reference.mdx
index 99686d439..046b9da79 100644
--- a/docs/features/azure-iam/reference.mdx
+++ b/docs/features/azure-iam/reference.mdx
@@ -21,6 +21,19 @@ spec:
 # one or more Azure roles that will be provided to the specified resources
 azureRoles:
 - "Storage Blob Data Contributor"
+ - name: "/providers/Microsoft.KeyVault/vaults/otterizetutorialazureiamkeyvault"
+ type: azure
+ # Optional - Grant Azure Key Vault data plane access by using Key Vault access policy
+ azureKeyVaultPolicy:
+ certificatePermissions:
+ - "all"
+ keyPermissions:
+ - "all"
+ secretPermissions:
+ - "all"
+ storagePermissions:
+ - "get"
+ - "list"
 ```

 ### Annotations