This permission will allow a principal to read the secret value of secrets:
azkeyvaultsecretshow--vault-name<vaultname>--name<secretname># Get old version secret valueazkeyvaultsecretshow--idhttps://<KeyVaultName>.vault.azure.net/secrets/<KeyVaultName>/<idOldVersion>
This permission allows a principal to decrypt data using a key stored in the vault.
azkeyvaultkeydecrypt--vault-name<vaultname>--name<keyname>--algorithm<algorithm>--value<value># Exampleaz keyvault key decrypt --vault-name testing-1231234 --name testing --algorithm RSA-OAEP-256 --value "ISZ+7dNcDJXLPR5MkdjNvGbtYK3a6Rg0ph/+3g1IoUrCwXnF791xSF0O4rcdVyyBnKRu0cbucqQ/+0fk2QyAZP/aWo/gaxUH55pubS8Zjyw/tBhC5BRJiCtFX4tzUtgTjg8lv3S4SXpYUPxev9t/9UwUixUlJoqu0BgQoXQhyhP7PfgAGsxayyqxQ8EMdkx9DIR/t9jSjv+6q8GW9NFQjOh70FCjEOpYKy9pEGdLtPTrirp3fZXgkYfIIV77TXuHHdR9Z9GG/6ge7xc9XT6X9ciE7nIXNMQGGVCcu3JAn9BZolb3uL7PBCEq+k2rH4tY0jwkxinM45tg38Re2D6CEA==" # This is the result from the previous encryption
Microsoft.KeyVault/vaults/keys/purge/action
This permission allows a principal to permanently delete a key from the vault.
This permission allows a principal to delete a certificate from the vault. The certificate is moved to the "soft-delete" state, where it can be recovered unless purged.
This permission allows a principal to delete a key from the vault. The key is moved to the "soft-delete" state, where it can be recovered unless purged.
This permission allows a principal to delete a secret from the vault. The secret is moved to the "soft-delete" state, where it can be recovered unless purged.