🔥 3-day streak
Microsoft DevOps Engineer Expert36 / 138
Question 36 of 138
Your team runs a containerized application on Azure Kubernetes Service (AKS) that must read connection strings from Azure Key Vault. You have enabled workload identity on the cluster and assigned a user-assigned managed identity to the workload. Security policy requires that permissions be auditable through Azure role assignments and that individual secret access be granted with the narrowest possible scope. The Key Vault currently uses the vault access policy permission model. What should you do to meet the requirements with the least ongoing administrative effort?
Reviewed for accuracy · Report an issueNext question