# NOT RUN {
# Retrieve the vault resource through its resource group object (the
# recommended route); `resgroup` must already exist in the session.
kv <- resgroup$get_key_vault("mykeyvault")

# List the principals that have access to the vault.
kv$list_principals()

# Give a user access. With no *_permissions arguments the principal gets
# full access (the default), so keep this form for vault administrators
# and pass explicit permission vectors for every other principal.
user_graph <- AzureGraph::get_graph_login()
user_principal <- user_graph$get_user("username@aadtenant.com")
kv$add_principal(user_principal)

# Give a service principal read access to keys and secrets only.
# "app_id" is a placeholder for the application's ID; NULL leaves the
# principal with no certificate or storage permissions.
read_only <- c("get", "list")
service_graph <- AzureGraph::get_graph_login()
service_principal <- service_graph$get_service_principal(app_id = "app_id")
kv$add_principal(
  service_principal,
  key_permissions = read_only,
  secret_permissions = read_only,
  certificate_permissions = NULL,
  storage_permissions = NULL
)

# Alternatively, build a vault_access_policy carrying the same permissions
# and hand that to add_principal() instead of the separate arguments.
read_policy <- vault_access_policy(
  service_principal,
  key_permissions = read_only,
  secret_permissions = read_only,
  certificate_permissions = NULL,
  storage_permissions = NULL
)
kv$add_principal(read_policy)

# Revoke the service principal's access; kv$list_principals() can be
# called again afterwards to confirm it is no longer listed.
kv$remove_access(service_principal)

# Get the endpoint object for the vault.
vault_endpoint <- kv$get_endpoint()
# }