![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 72%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETN%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,408 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Hi @Tero Niemi
Thank you for reaching Microsoft Q&A Forum!
When you grant access to the service principal "xxxxxx-xxxxx-xxxx-xxxxx-xxxx08787cd" for the Azure Key Vault, you are typically allowing it to perform specific actions such as reading secrets, certificates, or keys stored in the Key Vault.
The service principal will have the ability to read secrets and certificates from the Key Vault. This is essential for App Services to retrieve certificates for SSL/TLS bindings.
The access is generally limited to the Key Vault within the current Azure subscription and tenant. It does not grant access to other Azure resources or Key Vaults outside of this scope unless explicitly configured.
Hope this helps. Do let us know if you any further queries by responding in the comments section.
Thanks,
Akhilesh.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.