update

Author: msmbaldwin

includes/key-vault-rbac/crypto-officer-cli.md

@@ -0,0 +1,18 @@
+---
+author: msmbaldwin
+ms.service: key-vault
+ms.topic: include
+ms.date: 04/04/2024
+ms.author: msmbaldwin
+
+# Used by articles that show how to assign a Key Vault access policy
+
+---
+
+To grant your application permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role using the Azure CLI command [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create).
+
+```azurecli
+az role assignment create --role "Key Vault Crypto Officer" --assignee "<app-id>" --scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+```
+
+Replace \<app-id\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. \<app-id\> is the Application (client) ID of your registered application in Azure AD.

includes/key-vault-rbac/crypto-officer-pivot.md

@@ -0,0 +1,20 @@
+---
+author: msmbaldwin
+ms.service: key-vault
+ms.topic: include
+ms.date: 04/04/2024
+ms.author: msmbaldwin
+
+# Used by articles that show how to assign a Key Vault access policy
+
+---
+
+### [Azure CLI](#tab/azure-cli)
+
+[!INCLUDE [Using RBAC to provide access to a key vault - CLI](./crypto-officer-cli.md)]
+
+### [Azure PowerShell](#tab/azure-powershell)
+
+[!INCLUDE [Using RBAC to provide access to a key vault - PowerShell](./crypto-officer-powershell.md)]
+
+---

includes/key-vault-rbac/crypto-officer-powershell.md

@@ -0,0 +1,18 @@
+---
+author: msmbaldwin
+ms.service: key-vault
+ms.topic: include
+ms.date: 04/04/2024
+ms.author: msmbaldwin
+
+# Used by articles that show how to assign a Key Vault access policy
+
+---
+
+To grant your application permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role using the Azure PowerShell cmdlet [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment).
+
+```azurepowershell
+New-AzRoleAssignment -ObjectId "<app-id>" -RoleDefinitionName "Key Vault Crypto Officer" -Scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+```
+
+Replace \<app-id\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. \<app-id\> is the Application (client) ID of your registered application in Azure AD.

includes/key-vault-rbac/crypto-user-cli.md

@@ -0,0 +1,18 @@
+---
+author: msmbaldwin
+ms.service: key-vault
+ms.topic: include
+ms.date: 04/04/2024
+ms.author: msmbaldwin
+
+# Used by articles that show how to assign a Key Vault access policy
+
+---
+
+To grant your application permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role using the Azure CLI command [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create).
+
+```azurecli
+az role assignment create --role "Key Vault Crypto User" --assignee "<app-id>" --scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+```
+
+Replace \<app-id\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. \<app-id\> is the Application (client) ID of your registered application in Azure AD.

includes/key-vault-rbac/crypto-user-pivot.md

@@ -0,0 +1,20 @@
+---
+author: msmbaldwin
+ms.service: key-vault
+ms.topic: include
+ms.date: 04/04/2024
+ms.author: msmbaldwin
+
+# Used by articles that show how to assign a Key Vault access policy
+
+---
+
+### [Azure CLI](#tab/azure-cli)
+
+[!INCLUDE [Using RBAC to provide access to a key vault - CLI](./key-vault-quickstart-rbac-cli.md)]
+
+### [Azure PowerShell](#tab/azure-powershell)
+
+[!INCLUDE [Using RBAC to provide access to a key vault - PowerShell](./key-vault-quickstart-rbac-powershell.md)]
+
+---

includes/key-vault-rbac/crypto-user-powershell.md

@@ -0,0 +1,18 @@
+---
+author: msmbaldwin
+ms.service: key-vault
+ms.topic: include
+ms.date: 04/04/2024
+ms.author: msmbaldwin
+
+# Used by articles that show how to assign a Key Vault access policy
+
+---
+
+To grant your application permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role using the Azure PowerShell cmdlet [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment).
+
+```azurepowershell
+New-AzRoleAssignment -ObjectId "<app-id>" -RoleDefinitionName "Key Vault Crypto User" -Scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+```
+
+Replace \<app-id\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. \<app-id\> is the Application (client) ID of your registered application in Azure AD.

includes/key-vault-rbac/secrets-officer-cli.md

@@ -0,0 +1,18 @@
+---
+author: msmbaldwin
+ms.service: key-vault
+ms.topic: include
+ms.date: 04/04/2024
+ms.author: msmbaldwin
+
+# Used by articles that show how to assign a Key Vault access policy
+
+---
+
+To grant your application permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role using the Azure CLI command [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create).
+
+```azurecli
+az role assignment create --role "Key Vault Secrets Officer" --assignee "<app-id>" --scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+```
+
+Replace \<app-id\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. \<app-id\> is the Application (client) ID of your registered application in Azure AD.

includes/key-vault-rbac/secrets-officer-pivot.md

@@ -0,0 +1,20 @@
+---
+author: msmbaldwin
+ms.service: key-vault
+ms.topic: include
+ms.date: 04/04/2024
+ms.author: msmbaldwin
+
+# Used by articles that show how to assign a Key Vault access policy
+
+---
+
+### [Azure CLI](#tab/azure-cli)
+
+[!INCLUDE [Using RBAC to provide access to a key vault - CLI](./key-vault-quickstart-rbac-cli.md)]
+
+### [Azure PowerShell](#tab/azure-powershell)
+
+[!INCLUDE [Using RBAC to provide access to a key vault - PowerShell](./key-vault-quickstart-rbac-powershell.md)]
+
+---

includes/key-vault-rbac/secrets-officer-powershell.md

@@ -0,0 +1,18 @@
+---
+author: msmbaldwin
+ms.service: key-vault
+ms.topic: include
+ms.date: 04/04/2024
+ms.author: msmbaldwin
+
+# Used by articles that show how to assign a Key Vault access policy
+
+---
+
+To grant your application permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role using the Azure PowerShell cmdlet [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment).
+
+```azurepowershell
+New-AzRoleAssignment -ObjectId "<app-id>" -RoleDefinitionName "Key Vault Secrets Officer" -Scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+```
+
+Replace \<app-id\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. \<app-id\> is the Application (client) ID of your registered application in Azure AD.

includes/key-vault-rbac/secrets-user-cli.md

@@ -0,0 +1,18 @@
+---
+author: msmbaldwin
+ms.service: key-vault
+ms.topic: include
+ms.date: 04/04/2024
+ms.author: msmbaldwin
+
+# Used by articles that show how to assign a Key Vault access policy
+
+---
+
+To grant your application permissions to your key vault through [Role-Based Access Control (RBAC)](/azure/key-vault/general/rbac-guide.md), assign a role using the Azure CLI command [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create).
+
+```azurecli
+az role assignment create --role "Key Vault Secrets User" --assignee "<app-id>" --scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.KeyVault/vaults/<your-unique-keyvault-name>"
+```
+
+Replace \<app-id\>, \<subscription-id\>, \<resource-group-name\> and \<your-unique-keyvault-name\> with your actual values. \<app-id\> is the Application (client) ID of your registered application in Azure AD.