1
votes

Assign secrets only to a specific web app created in Azure. For example: I have created one Azure web app with MSI, created a key vault with secrets for that app, and given that app access to get secrets. Now I have created another Azure web app with MSI; for this one I have also created secrets and given key vault access. Now both apps are able to get secrets. But the problem is, both apps can access both secrets. I need to create app-specific secrets. How do I do this in Key Vault?


1 Answer

3
votes

Create two Key Vaults. You can't limit which secrets the app can access, so having two vaults is the only way to isolate them.

You can check out pricing for Key Vault here: https://azure.microsoft.com/en-us/pricing/details/key-vault/. Billing for secrets is based on the number of operations, so while two vaults won't use them as efficiently, the cost should not jump up significantly.
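The one-vault-per-app layout from this answer, sketched with the Azure CLI as an added example (not part of the original answer). It assumes vaults that use the access-policy permission model and web apps that already have a system-assigned identity; the function names and all resource names are constructed placeholders.

```shell
# Added example. Resource names used with these functions are placeholders.

# provision_app_vault RG LOCATION APP VAULT
# Creates VAULT and grants only APP's managed identity "get" on its secrets.
provision_app_vault() {
    rg=$1; location=$2; app=$3; vault=$4

    # Object ID of the web app's system-assigned managed identity (MSI).
    principal_id=$(az webapp identity show \
        --resource-group "$rg" --name "$app" \
        --query principalId --output tsv) || return 1
    if [ -z "$principal_id" ]; then
        echo "web app $app has no managed identity" >&2
        return 1
    fi

    # Assumption: access-policy model, so set-policy below applies.
    az keyvault create --resource-group "$rg" --location "$location" \
        --name "$vault" --enable-rbac-authorization false >/dev/null || return 1

    # Read-only on secrets: "get" only, no list/set/delete.
    az keyvault set-policy --name "$vault" --object-id "$principal_id" \
        --secret-permissions get >/dev/null || return 1

    echo "$vault -> $principal_id"
}

# can_read_secrets VAULT PRINCIPAL_ID
# Audit check: succeeds only if PRINCIPAL_ID holds any secret permission
# in VAULT's access policies. Run it crosswise (app A's identity against
# app B's vault) to confirm the isolation actually holds.
can_read_secrets() {
    perms=$(az keyvault show --name "$1" \
        --query "properties.accessPolicies[?objectId=='$2'].permissions.secrets[]" \
        --output tsv) || return 1
    [ -n "$perms" ]
}

# Usage (placeholders):
#   provision_app_vault my-rg westeurope app-a kv-app-a
#   provision_app_vault my-rg westeurope app-b kv-app-b
#   can_read_secrets kv-app-b <app-a-principal-id>   # expected to fail
```

Running `can_read_secrets` for each identity against the other app's vault after provisioning is the quickest way to catch a policy that was granted to the wrong vault.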