Skip to content

Adjust RBAC scope best-practices for SSH private keys #84

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Adjust RBAC scope best-practices for SSH private keys #84

wants to merge 4 commits into from

Conversation

FlorentATo
Copy link

@FlorentATo FlorentATo commented Jun 9, 2025
edited
Loading

This suggestion expends the list of exception to include user-scoped roles for reading individual private SSH key from Bastion UI.

This scenario allows cloud administrators to use of a single Key Vault instance to centrally manage users' private SSH keys, while restricting access to individual keys to said users using Azure RBAC.

This is useful in situations where letting users have a local copy of their private key isn't desired (e.g. for users with decentralized access).

image

URL: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli

@prmerger-automator PRMerger Automator
Copy link
Contributor

@FlorentATo : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@prmerger-automator prmerger-automator bot requested a review from msmbaldwin June 9, 2025 17:40
@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit 5d6880a:

✅ Validation status: passed

File Status Preview URL Details
articles/key-vault/general/rbac-guide.md ✅Succeeded

For more details, please refer to the build report.

v-regandowner
v-regandowner reviewed Jun 9, 2025
View reviewed changes
v-regandowner
v-regandowner reviewed Jun 9, 2025
View reviewed changes
@v-regandowner
Copy link
Contributor

@msmbaldwin - Can you review the proposed changes?

IMPORTANT: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

FlorentATo and others added 2 commits June 9, 2025 21:30
@FlorentATo @v-regandowner
Update articles/key-vault/general/rbac-guide.md
a4e0ae5 
Co-authored-by: Regan Downer <v-rdowner@microsoft.com>
@FlorentATo @v-regandowner
Update articles/key-vault/general/rbac-guide.md
f742998 
Co-authored-by: Regan Downer <v-rdowner@microsoft.com>
@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit a4e0ae5:

✅ Validation status: passed

File Status Preview URL Details
articles/key-vault/general/rbac-guide.md ✅Succeeded

For more details, please refer to the build report.

@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit f742998:

✅ Validation status: passed

File Status Preview URL Details
articles/key-vault/general/rbac-guide.md ✅Succeeded

For more details, please refer to the build report.

@github-actions GitHub Actions
Copy link

This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions.
Get Help
Docs Support Teams Channel
Resolve Merge Conflict

@v-dirichards
Copy link
Contributor

@msmbaldwin Could you review this proposed update to your article and enter #sign-off in a comment if it's ready to merge?

Thanks!

@github-actions github-actions bot removed the inactive label Jul 11, 2025
@v-dirichards
Copy link
Contributor

@msmbaldwin

Can you review this old PR and determine whether it needs to be closed or merged?

@MicrosoftDocs/public-repo-pr-review-team

@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 5, 2025

This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions.
Get Help
Docs Support Teams Channel
Resolve Merge Conflict

@FlorentATo
Copy link
Author

FlorentATo commented Aug 15, 2025
edited
Loading

Any chance you could review this quick PR @msmbaldwin ?

@github-actions github-actions bot removed the inactive label Aug 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@v-regandowner v-regandowner v-regandowner left review comments

@msmbaldwin msmbaldwin Awaiting requested review from msmbaldwin

Assignees

@msmbaldwin msmbaldwin

Labels
aq-pr-triaged azure-key-vault/svc Change sent to author do-not-merge general/subsvc
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@FlorentATo @v-regandowner @v-dirichards @msmbaldwin