Utilize RBAC for Key Vault and Storage Accounts

Joel Lindbeck

December 09, 2025 07:51

Currently Nerdio configures access policies and SAS for Key Vaults and Storage Accounts. These are less secure authorization methods and have a risk of data exposure that is limited when using RBAC.

If Nerdio already supports using RBAC, there should be a migration KB, but preferably Nerdio should automatically configure to use RBAC during deployment.

Comments (3 comments)

Carl Long

December 09, 2025 18:03

Thank you for your feature request—your input helps shape our roadmap.

Next steps:
• We will review your request and update its status as it moves through the evaluation process.
• If we need more details, we'll reach out in the comments.

We also welcome additional feedback and votes from the community.

John Tokash

December 24, 2025 13:08

This would be a great addition to the CIS Hardened images. We have a growing list of prospects who are asking for their Azure deployment to be CIS Level 1 compliant, alongside things like the hardened images. Noone is beating down the door, but this would be a valuable step (imho at least) along the way to a more secure by default posture.

Subhajit Saha (Contractor)

February 10, 2026 16:24

What is the migration plan for Nerdio to use RBAC for operate Key vault as MS depreciating access policies on Key vault - Prepare for Key Vault API version 2026-02-01 - Azure RBAC as default | Microsoft Learn

Please sign in to leave a comment.