Adjust RBAC scope best-practices for SSH private keys #84
|
@FlorentATo : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
Learn Build status updates of commit 5d6880a: ✅ Validation status: passed
For more details, please refer to the build report. |
|
@msmbaldwin - Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
Co-authored-by: Regan Downer <[email protected]>
Co-authored-by: Regan Downer <[email protected]>
|
Learn Build status updates of commit a4e0ae5: ✅ Validation status: passed
For more details, please refer to the build report. |
|
Learn Build status updates of commit f742998: ✅ Validation status: passed
For more details, please refer to the build report. |
|
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions. |
|
@msmbaldwin Could you review this proposed update to your article and enter Thanks! |
|
Can you review this old PR and determine whether it needs to be closed or merged? @MicrosoftDocs/public-repo-pr-review-team |
|
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions. |
|
Any chance you could review this quick PR @msmbaldwin ? |
|
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions. |
|
Bump @msmbaldwin @v-dirichards ? |
|
I sent an email to the content owner today. @MicrosoftDocs/public-repo-pr-review-team |
Pull Request Overview
This PR updates the Azure Key Vault RBAC best practices documentation to include additional guidance for SSH private key access scenarios. It expands the exceptions for assigning roles at individual resource levels to accommodate user-scoped access patterns.
- Adds SSH private key access via Azure Bastion as a valid exception to the general best practice
- Restructures the exceptions list for better readability and completeness
- Minor formatting cleanup in code examples (removing unnecessary line breaks in JSON arrays)
Co-authored-by: Copilot <[email protected]>
|
Learn Build status updates of commit c6415e5: ✅ Validation status: passed
For more details, please refer to the build report. |
|
Can you review this old PR and determine whether it needs to be closed or merged? @MicrosoftDocs/public-repo-pr-review-team |
|
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions. |
|
I sent an email to the content owner today. @MicrosoftDocs/public-repo-pr-review-team |
|
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions. |
|
Bump @v-ccolin @v-dirichards ? 🙃 |
This suggestion expands the list of exceptions to include user-scoped roles for reading an individual private SSH key from the Bastion UI.
This scenario allows cloud administrators to use a single Key Vault instance to centrally manage users' private SSH keys, while restricting access to individual keys to said users using Azure RBAC.
This is useful in situations where letting users have a local copy of their private key isn't desired (e.g. for users with decentralized access).
URL: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli
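An added example, not part of the pull request or the Microsoft documentation: a Python check over records shaped like `az role assignment list` output that flags user role assignments which would break the one-user-one-key model the pull request describes. The vault ID, secret names, users and the owner mapping are constructed assumptions.

```python
# Built-in roles whose data actions include reading secret values.
READ_ROLES = {"Key Vault Secrets User", "Key Vault Secrets Officer",
              "Key Vault Administrator"}

def audit(assignments, vault_id, owners):
    """Return (principal, scope, reason) for user assignments that break the
    per-user key model. `owners` maps lowercase secret name -> expected user."""
    vault = vault_id.lower().rstrip("/")
    findings = []
    for a in assignments:
        if a["principalType"] != "User" or a["roleDefinitionName"] not in READ_ROLES:
            continue
        scope, who = a["scope"].lower().rstrip("/"), a["principalName"]
        if vault == scope or vault.startswith(scope + "/"):
            # Vault, resource group or subscription scope is inherited by every secret.
            findings.append((who, a["scope"], "can read every key in the vault"))
        elif scope.startswith(vault + "/secrets/"):
            secret = scope[len(vault) + len("/secrets/"):]
            if owners.get(secret, "").lower() != who.lower():
                findings.append((who, a["scope"], "reads a key assigned to another user"))
    return findings

# Constructed sample data (hypothetical subscription, vault, secrets and users).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-ssh"
VAULT = RG + "/providers/Microsoft.KeyVault/vaults/kv-ssh-keys"
OWNERS = {"alice-ssh": "alice@example.com", "bob-ssh": "bob@example.com"}

def _a(name, role, scope, ptype="User"):
    return {"principalName": name, "principalType": ptype,
            "roleDefinitionName": role, "scope": scope}

SAMPLE = [
    _a("alice@example.com", "Key Vault Secrets User", VAULT + "/secrets/alice-ssh"),
    _a("bob@example.com", "Key Vault Secrets User", VAULT),             # vault-wide
    _a("carol@example.com", "Key Vault Secrets User", VAULT + "/secrets/bob-ssh"),
    _a("erin@example.com", "Key Vault Secrets Officer", RG),            # inherited
    _a("dave@example.com", "Reader", VAULT),                            # no secret read
    _a("automation", "Key Vault Administrator", VAULT, "ServicePrincipal"),
]

if __name__ == "__main__":
    for who, scope, reason in audit(SAMPLE, VAULT, OWNERS):
        print(f"{who}: {reason} ({scope})")
```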