
Update Key Vault to Support RBAC Permissions and Delete Protection #1067

Open
@AErmie


⚠️ Problem

For organizations that utilize the Enterprise Scale in association with the Cloud Adoption Framework (CAF), there are various Azure Policies and Initiatives that are deployed.

One of those Initiatives is the Enforce recommended guardrails for Azure Key Vault. This initiative contains several policies, including:

  • Azure Key Vault should use RBAC permission model
  • Key vaults should have deletion protection enabled

The current deployment of the FinOps Toolkit (Hub architecture) violates those 2 policies and prevents its deployment. We have to add/create an exception in the target Subscription / Resource Group for the deployment to complete successfully.

🛠️ Solution

Update the FinOps Toolkit's Key Vault implementation to support the RBAC permissions model, and also enable delete protection.

ℹ️ Additional context

The client I am currently assisting is in a regulated industry and uses the CAF / Enterprise Scale Terraform modules.

🙋‍♀️ Ask for the community

We could use your help:

  1. Please vote this issue up (👍) to prioritize it.
  2. Leave comments to help us solidify the vision.
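
A pre-deployment check for the two guardrails named in this issue, added here as an example (it is not part of the issue or of the FinOps Toolkit). It assumes the policies map to the `enableRbacAuthorization` and `enablePurgeProtection` properties of `Microsoft.KeyVault/vaults` in a compiled ARM template; the function names and the sample template are constructed for illustration.

```python
KV, NESTED = "microsoft.keyvault/vaults", "microsoft.resources/deployments"

def iter_resources(resources):
    """Yield each resource, descending into child resources and nested deployments."""
    if isinstance(resources, dict):          # symbolic-name templates use a dict
        resources = list(resources.values())
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))
        if res.get("type", "").lower() == NESTED:
            template = res.get("properties", {}).get("template", {})
            yield from iter_resources(template.get("resources"))

def check_flag(props, key):
    """Return None if the flag is literally true, else a finding string."""
    value = props.get(key)
    if isinstance(value, str) and value.startswith("["):
        return f"{key} is an expression {value!r}; confirm the deployed value"
    return None if value is True else f"{key} is {value!r}, expected true"

def audit_key_vaults(template):
    """Return (vault name, finding) tuples for every non-compliant vault."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if res.get("type", "").lower() != KV:
            continue
        props, name = res.get("properties", {}), res.get("name", "<unnamed>")
        for key in ("enableRbacAuthorization", "enablePurgeProtection"):
            issue = check_flag(props, key)
            if issue:
                findings.append((name, issue))
        if props.get("enableRbacAuthorization") is True and props.get("accessPolicies"):
            findings.append((name, "accessPolicies present but ignored under RBAC"))
    return findings

# Constructed sample template, not taken from the FinOps Toolkit.
SAMPLE = {"resources": [
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-legacy",
     "properties": {"accessPolicies": [{"objectId": "<placeholder>"}]}},
    {"type": "Microsoft.Resources/deployments", "name": "nested",
     "properties": {"template": {"resources": [
         {"type": "Microsoft.KeyVault/vaults", "name": "kv-hub",
          "properties": {"enableRbacAuthorization": True,
                         "enablePurgeProtection": "[parameters('purge')]"}}]}}},
]}

if __name__ == "__main__":
    for name, issue in audit_key_vaults(SAMPLE):
        print(f"{name}: {issue}")
```

Flags set through template expressions are reported separately because their value is only known at deployment time.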
