services / Azure / Key Vault
An Azure Key Vault is a managed secrets store holding cryptographic keys, secrets, and certificates and their access/network configuration.
Key Vaults are CRITICAL-tier assets: they centralize credentials and cryptographic material relied on across many organizational functions.
Microsoft.KeyVault/Vaults/deploy/action
Enables access to vault secrets during Azure resource deployment, letting an attacker reference and surface secret/credential material into a deployment context and reuse it to pivot to other identities and resources.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security