![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 46%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHW%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,131 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 6%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHS%3C/text%3E%3C/svg%3E)
When you grant an Azure Key Vault access policy to a service principal, it typically allows the principal to perform specified actions across all secrets or keys within the Key Vault, unless otherwise restricted by more granular permissions. In your case, if you have granted 'get' and 'list' permissions to the service principal, it means this principal can indeed access both Secret Scope A and B, as well as any other secrets present in the Key Vault. This access is not limited to specific secrets unless you explicitly define narrower scope restrictions, which Azure Key Vault currently does not support at the secret level (that I know of); access policies are applied at the vault level. Therefore, granting these permissions allows the service principal to interact with all secrets within the vault as specified by the assigned permissions.