by thenewwazoo
3415 days ago
Sometimes! (Full disclosure: MS employee, big-time Azure user in a different group) An AAD Application can act on behalf of a logged-in user (using OAuth2 or OpenID) with the correct delegated permissions. This means you can grant key/secret/certificate CRUD privileges to an AAD user or group, and then use OAuth to obtain a token granting access to the KeyVault resource. All activity is performed by the client (read: application) on behalf of the user (read: human) against the resource (read: key) without having to store any secrets at all. I use the keyvault pretty extensively, and have really grown to like it.
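An added example, not part of the comment above: a small Python check that inspects the claims of an Azure AD access token to confirm it is a delegated (on-behalf-of-a-user) token for the Key Vault audience rather than an app-only token. The sample token is constructed inline and unsigned, so only claims are examined (signature validation is the resource's job); the app id and UPN values are placeholders.

```python
import base64
import json

# Azure AD access tokens are JWTs; the claims are the second base64url segment.
# This code does NOT verify the signature (Key Vault does that with the tenant's
# signing keys); it only reads claims to tell delegated from app-only tokens.
KEY_VAULT_AUDIENCE = "https://vault.azure.net"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT (expected 3 segments)")
    return json.loads(_b64url_decode(parts[1]))


def classify_token(token: str) -> dict:
    """Report audience match and whether the token is delegated or app-only."""
    claims = token_claims(token)
    delegated = "scp" in claims           # delegated tokens carry scopes in 'scp'
    app_only = "roles" in claims and not delegated  # app-only tokens carry 'roles'
    return {
        "audience_ok": claims.get("aud") == KEY_VAULT_AUDIENCE,
        "delegated": delegated,
        "app_only": app_only,
        "user": claims.get("upn") or claims.get("oid"),   # the human being impersonated
        "client_app": claims.get("appid") or claims.get("azp"),  # v1 'appid' / v2 'azp'
        "scopes": claims.get("scp", "").split() if delegated else [],
    }


def make_unsigned_token(claims: dict) -> str:
    """Constructed sample only: builds an unsigned JWT so the check runs offline."""
    def seg(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none', 'typ': 'JWT'})}.{seg(claims)}."


if __name__ == "__main__":
    sample = make_unsigned_token({  # placeholder values, not a real tenant
        "aud": KEY_VAULT_AUDIENCE,
        "appid": "00000000-0000-0000-0000-000000000000",
        "upn": "alice@contoso.example",
        "scp": "user_impersonation",
    })
    print(classify_token(sample))
```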