I have an app service that needs to connect to Azure Key Vault to obtain Storage and Cosmos DB connection strings. The same application also needs to use a service principal name (with client ID and secret) to connect directly to a SQL PaaS instance (not via Azure Key Vault). Can I use one single service principal for both?
1 Answer
2
Can I use one single service principal for both?
Sure you can. As long as the Service Principal has appropriate permissions to access both Azure Key Vault and SQL Database, it should be able to access these resources.
The key thing here is that your Service Principal must be assigned appropriate RBAC roles. For example, if you assign your Service Principal a Contributor role in an Azure Subscription, then you can manage all resources of your Azure Subscription (except role assignment) using that Service Principal.

Gaurav Mantri