update

Author: msmbaldwin

articles/key-vault/certificates/quick-create-cli.md

@@ -28,6 +28,10 @@ In this quickstart, you create a key vault in Azure Key Vault with Azure CLI. Az
 
 [!INCLUDE [Create a key vault](../includes/key-vault-creation-cli.md)]
 
+## Give your user account permissions to manage secrets in Key Vault
+
+[!INCLUDE [Using RBAC to provide access to a key vault](../includes/rbac/upn-certificate-officer-cli.md)]
+
 ## Add a certificate to Key Vault
 
 To add a certificate to the vault, you just need to take a couple of additional steps. This certificate could be used by an application. 

articles/key-vault/certificates/quick-create-powershell.md

@@ -34,9 +34,9 @@ Connect-AzAccount
 
 [!INCLUDE [Create a key vault](../includes/key-vault-creation-powershell.md)]
 
-### Grant access to your key vault
+## Give your user account permissions to manage secrets in Key Vault
 
-[!INCLUDE [Using RBAC to provide access to a key vault](../includes/key-vault-quickstart-rbac-powershell.md)]
+[!INCLUDE [Using RBAC to provide access to a key vault](../includes/rbac/upn-certificate-officer-powershell.md)]
 
 ## Add a certificate to Key Vault
 

includes/key-vault/rbac/upn-secrets-officer-cli.md renamed to articles/key-vault/includes/rbac/upn-certificate-officer-cli.md

@@ -12,7 +12,7 @@ ms.author: msmbaldwin
 To gain permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role to your "User Principal Name" (UPN) using the Azure CLI command [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create).
 
 ```azurecli
-az role assignment create --role "Key Vault Secrets Officer" --assignee "<upn>" --scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+az role assignment create --role "Key Vault Certificate Officer" --assignee "<upn>" --scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
 ```
 
 Replace \<upn\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. Your UPN will typically be in the format of an email address (e.g., [email protected]).

includes/key-vault/rbac/upn-crypto-user-pivot.md renamed to articles/key-vault/includes/rbac/upn-certificate-officer-pivot.md

@@ -11,10 +11,10 @@ ms.author: msmbaldwin
 
 ### [Azure CLI](#tab/azure-cli)
 
-[!INCLUDE [Using RBAC to provide access to a key vault - CLI](./upn-crypto-user-cli.md)]
+[!INCLUDE [Using RBAC to provide access to a key vault - CLI](./upn-certificate-officer-cli.md)]
 
 ### [Azure PowerShell](#tab/azure-powershell)
 
-[!INCLUDE [Using RBAC to provide access to a key vault - PowerShell](./upn-crypto-user-powershell.md)]
+[!INCLUDE [Using RBAC to provide access to a key vault - PowerShell](./upn-certificate-officer-powershell.md)]
 
 ---

includes/key-vault/rbac/upn-crypto-officer-powershell.md renamed to articles/key-vault/includes/rbac/upn-certificate-officer-powershell.md

@@ -12,7 +12,7 @@ ms.author: msmbaldwin
 To gain permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role to your "User Principal Name" (UPN) using the Azure PowerShell cmdlet [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment).
 
 ```azurepowershell
-New-AzRoleAssignment -SignInName "<upn>" -RoleDefinitionName "Key Vault Crypto Officer" -Scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+New-AzRoleAssignment -SignInName "<upn>" -RoleDefinitionName "Key Vault Certificate Officer" -Scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
 ```
 
 Replace \<upn\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. Your UPN will typically be in the format of an email address (e.g., [email protected]).

includes/key-vault/rbac/upn-crypto-officer-cli.md renamed to articles/key-vault/includes/rbac/upn-certificate-user-cli.md

@@ -12,7 +12,7 @@ ms.author: msmbaldwin
 To gain permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role to your "User Principal Name" (UPN) using the Azure CLI command [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create).
 
 ```azurecli
-az role assignment create --role "Key Vault Crypto Officer" --assignee "<upn>" --scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+az role assignment create --role "Key Vault Certificate User" --assignee "<upn>" --scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
 ```
 
 Replace \<upn\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. Your UPN will typically be in the format of an email address (e.g., [email protected]).

includes/key-vault/rbac/upn-crypto-officer-pivot.md renamed to articles/key-vault/includes/rbac/upn-certificate-user-pivot.md

@@ -11,10 +11,10 @@ ms.author: msmbaldwin
 
 ### [Azure CLI](#tab/azure-cli)
 
-[!INCLUDE [Using RBAC to provide access to a key vault - CLI](./upn-crypto-officer-cli.md)]
+[!INCLUDE [Using RBAC to provide access to a key vault - CLI](./upn-certificate-user-cli.md)]
 
 ### [Azure PowerShell](#tab/azure-powershell)
 
-[!INCLUDE [Using RBAC to provide access to a key vault - PowerShell](./upn-crypto-officer-powershell.md)]
+[!INCLUDE [Using RBAC to provide access to a key vault - PowerShell](./upn-certificate-user-powershell.md)]
 
 ---

includes/key-vault/rbac/upn-secrets-officer-powershell.md renamed to articles/key-vault/includes/rbac/upn-certificate-user-powershell.md

@@ -12,7 +12,7 @@ ms.author: msmbaldwin
 To gain permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role to your "User Principal Name" (UPN) using the Azure PowerShell cmdlet [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment).
 
 ```azurepowershell
-New-AzRoleAssignment -SignInName "<upn>" -RoleDefinitionName "Key Vault Secrets Officer" -Scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+New-AzRoleAssignment -SignInName "<upn>" -RoleDefinitionName "Key Vault Certificate User" -Scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
 ```
 
 Replace \<upn\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. Your UPN will typically be in the format of an email address (e.g., [email protected]).

articles/key-vault/keys/quick-create-cli.md

@@ -28,6 +28,10 @@ In this quickstart, you create a key vault in Azure Key Vault with Azure CLI. Az
 
 [!INCLUDE [Create a key vault](../includes/key-vault-creation-cli.md)]
 
+## Give your user account permissions to manage secrets in Key Vault
+
+[!INCLUDE [Using RBAC to provide access to a key vault](../includes/rbac/upn-crypto-officer-cli.md)]
+
 ## Add a key to Key Vault
 
 To add a key to the vault, you just need to take a couple of additional steps. This key could be used by an application. 

articles/key-vault/keys/quick-create-powershell.md

@@ -33,6 +33,10 @@ Connect-AzAccount
 
 [!INCLUDE [Create a key vault](../includes/key-vault-creation-powershell.md)]
 
+## Give your user account permissions to manage secrets in Key Vault
+
+[!INCLUDE [Using RBAC to provide access to a key vault](../includes/rbac/upn-crypto-officer-powershell.md)]
+
 ## Add a key to Key Vault
 
 To add a key to the vault, you just need to take a couple of additional steps. This key could be used by an application.