Improve this page

Build Status

Ready for Production

Give KeyVault permissions on storage account (V2) using the current active subscription

Template Locations

  Assign KeyVault roles script on GIT

package in CloudBoostLibrary feed in Azure Artifacts

Used by

The script

# Give KeyVault permissions on storage account (V2) using the current active subscription
param 
(
     [Parameter(Mandatory = $true, HelpMessage = "Name of the customer")]
     [string] $Customer,
     [Parameter(Mandatory = $true, HelpMessage = "Name of the environment (d, t, a, p)")]
     [string] $Environment
) 

$subscription = az account show -o json | ConvertFrom-Json
$subscriptionId = $subscription.id

$intExternal = 'i','e'
$applicationName = 'ada'
$StorageAccountAbbr = 'sa'

foreach ($specifier in $intExternal) {
     $resourceGroup = "$Customer-app-ada-$Environment"
     $storageAccount = "$Customer$StorageAccountAbbr$specifier$applicationName$Environment"
     az role assignment create --role "Storage Account Key Operator Service Role" `
                               --assignee 'https://vault.azure.net' `
                               --scope "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Storage/storageAccounts/$storageAccount"
}