Address comment on granting key vault role

lb4368 · lb4368 · commit 84e3223c50b0 · 2024-11-20T16:04:52.000-06:00
diff --git a/articles/operator-nexus/how-to-credential-manager-key-vault.md b/articles/operator-nexus/how-to-credential-manager-key-vault.md
@@ -222,6 +222,10 @@ Refer to [_Grant Managed Identity Access to a Key Vault for Credential Rotation_
 
 ## Grant Managed Identity Access to a Key Vault for Credential Rotation
 
+> [!NOTE]
+> A user-assigned managed identity may be created and assigned access to the key vault before the Nexus Cluster is created and prior to deployment.  A system-assigned identity must be granted access to the key vault
+after cluster creation but before deployment.
+
 - Assign the *Operator Nexus Key Vault Writer Service Role*. Ensure that *Azure role-based access control* is selected as the permission model for the key vault on the *Access configuration* view. Then from the *Access Control* view, select to add a role assignment.
 
 | Role Name                                              | Role Definition ID                   |
