Hey folks! I'm currently diving into Azure Machine Learning Studio and Azure Key Vault, and I'm trying to tighten up the access controls for the secrets I'm working with. Here's the setup: I have a Key Vault on Azure and I've got Contributor access. I've also added myself to the Access Policies with "Get" permission on secrets.
Using Azure ML Studio notebooks, I'm accessing these secrets through the DefaultAzureCredential from the Azure SDK with code like this:
```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# Vault name and secret name were left out of the post; fill in your own.
vault_url = "https://.vault.azure.net/"

# DefaultAzureCredential picks up whatever identity the notebook runs under
# (managed identity on the compute, or the signed-in user locally).
credential = DefaultAzureCredential()
client = SecretClient(vault_url=vault_url, credential=credential)

# Any identity allowed to call get_secret receives the raw value here.
secret = client.get_secret("")
print(secret.value)
```
So here's my dilemma: I want to configure the Azure Key Vault access so that a specific user or identity (let's call them Person A) can use the secret in services like Azure ML, a pipeline, or an app, but they shouldn't be able to view, print, log, or expose the actual secret value in any way—like by calling .value or printing `secret.value` in the code.
Basically, I'm looking for a way to ensure that the secret is only available at runtime to the necessary system while preventing any user, even those with access, from extracting or misusing the raw secret value.
How can I achieve this with Azure Key Vault? Should I look into Role-based access control (RBAC)? Managed identities? Some kind of data masking or obfuscation? Any best practices would be hugely appreciated!
2 Answers
You're definitely on the right path with RBAC! Forget about the old access policies—Key Vault RBAC is super detailed and allows you to configure access much better. It gives you the granularity to control who can do what with the secrets.
It's a tough situation because once an application can read the secret, you risk exposure if someone creates another app that simply prints it out. You’ll need to find a balance between access and security.
Do you have any specific setup in mind for implementing RBAC? Like what kind of roles would you assign to maintain that balance?
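One way to check the balance the answer describes is to audit who can actually read secret values: only the runtime identity (e.g. the Azure ML workspace's managed identity) should hold a data-plane secret-reading role, and no legacy access policy should still grant "Get". The script below is an added example, not code from the original thread; the role assignments and access policies are constructed samples shaped like `az role assignment list` and `az keyvault show` output, and `rbac_mode` reflects whether the vault already uses the RBAC permission model.

```python
# Built-in Key Vault data-plane roles whose holders can read secret values.
SECRET_READ_ROLES = {
    "Key Vault Secrets User",
    "Key Vault Secrets Officer",
    "Key Vault Administrator",
}
# Management-plane roles that, while the vault still uses access policies,
# can edit those policies and therefore grant themselves "Get" on secrets.
POLICY_EDIT_ROLES = {"Contributor", "Owner"}

# Constructed sample (placeholder scope), shaped like `az role assignment list`.
SAMPLE_ASSIGNMENTS = [
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Key Vault Secrets User", "scope": "<vault-scope>"},
    {"principalName": "aml-workspace-identity", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Secrets User", "scope": "<vault-scope>"},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": "<vault-scope>"},
    {"principalName": "carol@example.com", "principalType": "User",
     "roleDefinitionName": "Key Vault Reader", "scope": "<vault-scope>"},
]

# Constructed sample, shaped like the accessPolicies list in `az keyvault show`.
SAMPLE_ACCESS_POLICIES = [
    {"objectId": "<object-id-1>", "permissions": {"secrets": ["Get", "List"]}},
    {"objectId": "<object-id-2>", "permissions": {"secrets": ["List"]}},
]


def human_secret_readers(assignments, rbac_mode=True):
    """Names of human users who can read secret values (directly, or by
    editing access policies when the vault is not yet in RBAC mode)."""
    flagged = set()
    for a in assignments:
        if a["principalType"] != "User":
            continue  # service principals / managed identities are the intended readers
        role = a["roleDefinitionName"]
        if role in SECRET_READ_ROLES or (not rbac_mode and role in POLICY_EDIT_ROLES):
            flagged.add(a["principalName"])
    return sorted(flagged)


def legacy_get_policies(policies):
    """objectIds still granted 'get' on secrets through access policies;
    expected to be empty once the vault is switched to RBAC."""
    return sorted(
        p["objectId"] for p in policies
        if "get" in {perm.lower() for perm in p.get("permissions", {}).get("secrets", [])}
    )
```

Run it against the real output of the two `az` commands and treat every name it returns as a finding: remove the user's data-plane role (or the policy entry) and keep only the workload identity.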