Designing and Implementing Microsoft DevOps Solutions — Question 9
You create a Microsoft ASP.NET Core application.
You plan to use Azure Key Vault to provide secrets to the application as configuration data.
You need to create a Key Vault access policy to assign secret permissions to the application. The solution must use the principle of least privilege.
Which secret permissions should you use?
Answer options
- A. List only
- B. Get only
- C. Get and List
Correct answer: B
Explanation
The correct answer is B, 'Get only', as it allows the application to retrieve secrets from Azure Key Vault without granting unnecessary permissions. Option A, 'List only', does not allow the application to access the actual secret values, while option C, 'Get and List', provides more access than needed, violating the principle of least privilege.