services / Azure / Key Vault secret
A secret stored in an Azure Key Vault, typically holding credentials such as passwords, connection strings, API keys, or tokens used by applications and services.
Secrets are credential-bearing material; access to them frequently yields downstream identity access, so the asset is inherently CRITICAL.
Microsoft.KeyVault/Vaults/secrets/getSecret/action
Returns the actual secret value (password, connection string, token), exporting credential material that typically yields usable identity access and lateral movement into the systems the secret protects.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security