Merge pull request #269833 from jlichwa/patch-104

prmerger-automator[bot] · web-flow · commit a5ed2e2f2a54 · 2024-03-21T21:31:36.000Z
Update rbac-guide.md
diff --git a/articles/key-vault/general/rbac-guide.md b/articles/key-vault/general/rbac-guide.md
@@ -29,12 +29,11 @@ For more information, see [Azure role-based access control (Azure RBAC)](../../r
 ## Best Practices for individual keys, secrets, and certificates role assignments
 
 Our recommendation is to use a vault per application per environment
-(Development, Pre-Production, and Production).
+(Development, Pre-Production, and Production) with roles assigned at Key Vault scope.
 
-Individual keys, secrets, and certificates permissions should be used
-only for specific scenarios:
+Assigning roles on individual keys, secrets and certificates should be avoided. Exceptions to general guidance:
 
-- Sharing individual secrets between multiple applications, for example, one application needs to access data from the other application
+- Scenarios where individual secrets must be shared between multiple applications, for example, one application needs to access data from the other application
 
 More about Azure Key Vault management guidelines, see:
 
