I'm currently working on several scripts that interact with the Graph API, and I'm trying to determine the best approach for using key vaults. Each of these scripts has its own app registration along with specific permissions, and they'll be accessed by my teammates who belong to a group in Entra. Should I opt for a single key vault to store all my secrets, or would it be better to create a different vault for each app registration? While the latter could provide more granularity, it might also become quite tedious to manage. I plan to store the Secret ID and associated secrets for each application, as well as some global keys, like Tenant IT and database credentials, with any application-specific information kept in local settings files. I'm interested in learning what strategies others have found effective before I make my decision. Thanks for your input!
1 Answer
We’re doing something similar at our organization where multiple departments have their own app registrations with secrets. Each department maintains a separate key vault, giving them access to all the secrets they need within that vault. This helps keep permissions clean and organized.
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically