packer-plugin-azure

Creating Azure Key-Vault using RBAC rather than Vault Access Policy

Open · rabidpitbull opened this issue 7 months ago · 1 comment

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request. If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Description

We have a workflow to build customized Azure images for the creation of Windows Servers. As per the Azure plugin, Packer creates a temporary Key Vault in Azure with a key, and the same is used to log in to the machine, perform the pre- and post-provisioning steps and create the image. Once the image is created, the temporary Key Vault gets deleted.

The issue we are currently facing is that the Key Vault Packer creates uses the vault access policy, but as per our org standards and security we have disabled the vault access policy and are using Azure role-based access control, as depicted in the image below. We are getting the error below.

[Image: Key Vault permission model set to Azure role-based access control]

[Image: error output from the Packer build]

Perhaps we're missing something obvious, and if so, maybe someone could point us in the right direction. Otherwise, having this capability would be incredibly useful, so that we don't have to rely on injecting passwords into the image creation process.

Thanks.

rabidpitbull, May 13 '25 13:05

Hi, why don't you create a Key Vault in your environment with settings that are compliant with your security policies and use the parameter 'build_key_vault_name' with Packer? Also, if you have strict network policies, this KV doesn't need private/public network connectivity; only select 'Allow trusted Microsoft services to bypass this firewall'.

fajterini, May 15 '25 14:05
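The approach in the reply above, written out end to end as an added example (this is not code from the issue, the plugin or its documentation): pre-create a Key Vault in RBAC mode with the settings Packer's temporary VM depends on, grant the identity Packer runs as a data-plane role on that vault only, and point the `azure-arm` source at it with `build_key_vault_name`. The resource group, vault name, location, app id and IP range are placeholders. Two things are assumptions rather than documented facts: that "Key Vault Secrets Officer" is sufficient (Packer stores the generated WinRM certificate as a secret in the vault), and that the host running Packer writes that secret over the Key Vault data plane, so its egress address must be allowed when the vault firewall defaults to Deny even with the trusted-services bypass on.

```powershell
# Added example, not from the issue or the plugin. Requires the Az.KeyVault and
# Az.Resources modules and an existing Connect-AzAccount session. All names,
# the location, the app id and the IP range are placeholders.
$rg          = "rg-packer-build"
$location    = "westeurope"
$kvName      = "kv-packer-build-01"                       # globally unique, 3-24 chars
$packerAppId = "00000000-0000-0000-0000-000000000000"     # service principal Packer runs as
$buildHostIp = "203.0.113.10/32"                          # egress IP of the Packer runner

New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null

# RBAC permission model instead of access policies. EnabledForDeployment is what lets
# the Compute resource provider hand the WinRM certificate to the temporary VM.
$kv = New-AzKeyVault -Name $kvName -ResourceGroupName $rg -Location $location `
        -Sku Standard -EnableRbacAuthorization -EnabledForDeployment

# Firewall on by default, trusted Microsoft services bypassed (as the reply suggests).
# Assumption: Packer itself sets the certificate secret via the data plane, so the
# runner's address has to be allowed explicitly; drop -IpAddressRange if that is not
# the case in your plugin version.
Update-AzKeyVaultNetworkRuleSet -VaultName $kvName -ResourceGroupName $rg `
        -DefaultAction Deny -Bypass AzureServices -IpAddressRange $buildHostIp

# With RBAC, a Contributor/Owner role on the subscription gives no data-plane access.
# Assign the smallest role that can create and delete secrets, scoped to this vault only.
$sp = Get-AzADServicePrincipal -ApplicationId $packerAppId
New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName "Key Vault Secrets Officer" `
        -Scope $kv.ResourceId | Out-Null

# Template that reuses the vault. build_resource_group_name replaces the temporary
# resource group and implies the location, so no "location" attribute is set.
# The client secret is read from PKR_VAR_client_secret, never written to disk.
$ctx = Get-AzContext
@"
packer {
  required_plugins {
    azure = {
      source  = "github.com/hashicorp/azure"
      version = "~> 2"
    }
  }
}

variable "client_secret" {
  type      = string
  sensitive = true
}

source "azure-arm" "win2022" {
  client_id       = "$packerAppId"
  client_secret   = var.client_secret
  subscription_id = "$($ctx.Subscription.Id)"
  tenant_id       = "$($ctx.Tenant.Id)"

  build_resource_group_name = "$rg"
  build_key_vault_name      = "$kvName"   # existing RBAC vault; no temporary vault is created

  os_type         = "Windows"
  image_publisher = "MicrosoftWindowsServer"
  image_offer     = "WindowsServer"
  image_sku       = "2022-datacenter-azure-edition"

  managed_image_name                = "win2022-base-{{timestamp}}"
  managed_image_resource_group_name = "$rg"

  communicator   = "winrm"
  winrm_use_ssl  = true
  winrm_insecure = true
  winrm_timeout  = "10m"
  winrm_username = "packer"
}

build {
  sources = ["source.azure-arm.win2022"]
}
"@ | Set-Content -Path .\win2022.pkr.hcl -Encoding utf8

# Set $env:PKR_VAR_client_secret from your pipeline's secret store before running.
packer init .\win2022.pkr.hcl
packer build .\win2022.pkr.hcl
```

Two checks before the first build: `Get-AzKeyVault -VaultName $kvName` should report `EnableRbacAuthorization: True` and `EnabledForDeployment: True`, and `Get-AzRoleAssignment -Scope $kv.ResourceId` should list only the Packer principal with the secrets role. If the build fails at the certificate upload step, the error will now name a missing data-plane permission or a blocked network source rather than the access-policy error from the issue, which narrows the fix to the role assignment or the IP rule.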