5
votes

With Azure Key Vault, is it possible to grant access to read a single secret, rather than any secret in the Key Vault for which the client has a URI?

1 Answer

6
votes

As of today, no. Access can only be granted at the vault level through access policies (a max of 16 access policies can be defined at this time), and once a user/application has been granted access to secrets, the access is applicable to all secrets in that vault.

One possible solution would be to create one vault for each secret. I tried to look up the limits on the number of vaults you can have in a subscription but couldn't find any. Obviously this approach would mean more of a management headache in managing that many vaults, plus we don't know the maximum number of vaults you can have per subscription.
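
The one-vault-per-secret workaround described in the answer above, as an added Azure CLI example that is not part of the original answer: each vault gets a single access policy granting one principal only `get` on secrets. The resource group, location, vault name and object ID are placeholders, and the `AZ` dry-run variable is a convention of this example.

```shell
#!/usr/bin/env bash
# One vault per secret: the vault-level access policy then covers exactly one
# secret, so "get" for a principal cannot reach any other secret.
set -u

AZ="${AZ:-az}"                    # AZ=echo prints the commands instead of running them
RG="${RG:-example-rg}"            # placeholder resource group (assumption)
LOCATION="${LOCATION:-westeurope}" # placeholder region (assumption)

# Key Vault names: 3-24 characters, letters, digits and hyphens only, must start
# with a letter, must not end with a hyphen or contain consecutive hyphens.
valid_vault_name() {
  case "$1" in
    [!A-Za-z]*|*[!A-Za-z0-9-]*|*-|*--*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# provision_secret_vault <vault-name> <reader-object-id>
provision_secret_vault() {
  local vault=$1 reader=$2
  valid_vault_name "$vault" || { echo "invalid vault name: $vault" >&2; return 1; }

  # Keep the vault on access policies, the model the answer describes.
  "$AZ" keyvault create --name "$vault" --resource-group "$RG" \
    --location "$LOCATION" --enable-rbac-authorization false || return 1

  # Only 'get' on secrets: no list, set or delete, and no key or certificate rights.
  "$AZ" keyvault set-policy --name "$vault" --object-id "$reader" \
    --secret-permissions get || return 1
}

# Usage: ./provision.sh <vault-name> <reader-object-id>
# The secret itself is then stored by an operator who holds 'set' on this vault,
# e.g. with `az keyvault secret set --vault-name <vault-name> --name <name> --file <path>`.
if [ "$#" -eq 2 ]; then
  provision_secret_vault "$@"
fi
```

Running it with `AZ=echo` shows the exact commands per vault, which makes it easy to review the permission set before anything is created.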