services / Azure / Key Vault secret
A secret stored in an Azure Key Vault, typically holding credentials such as passwords, connection strings, API keys, or tokens used by applications and services.
Secrets are credential-bearing material; access to them frequently yields downstream identity access, so the asset is inherently CRITICAL.
Microsoft.KeyVault/vaults/secrets/write
Creating or overwriting a secret value lets an attacker poison credentials consumed by downstream services (manipulation) and plant attacker-controlled credential material for persistence.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security