Secret permissions
To manage, create, list, or access a secret or folder, you must grant the appropriate permissions within a policy rule.
Policies that are linked to folders automatically apply to child objects.

Permission | Description |
---|---|
List | Grants the ability to view names and descriptions for secrets and folders, as well as the versions, creator, and updates for the secret. It doesn't reveal the secrets themselves. Resource admins have implicit list permissions across all secret folders. Delegated resource admins have implicit list permissions for secret folders within resource groups that they're delegated to. |

Folder permission | Description |
---|---|
Create | Grants the ability to create secrets in the specified folder or subfolders. This permission isn't available if the rule targets an individual secret. |
Update | Grants the ability to change a folder's name and description. |
Delete | Grants the ability to delete a folder. |

Secret permission | Description |
---|---|
Create | Grants the ability to create secrets in the specified folder or subfolders. This permission isn't available if the rule targets an individual secret. |
Update | Grants the ability to change a secret, which results in an incremented version. Changing the secret's name and description doesn't create a version. |
Reveal | Grants the ability to decrypt secrets and view them in plain text. |
Delete | Grants the ability to delete a secret. |
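
An added example (not part of the original documentation and not the product's API) that models folder inheritance for an access review: it resolves which principals hold a permission such as Reveal on a secret when rules are linked to parent folders. The `Rule` type, path syntax, principal names, and the assumption that matching rules add up are constructed for illustration; implicit admin List permissions are not modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    principal: str
    target: str              # folder or secret path (constructed syntax)
    target_is_folder: bool
    permissions: frozenset   # subset of: list, create, update, reveal, delete

def validate(rule):
    """Reject the one combination the page says is unavailable."""
    if not rule.target_is_folder and "create" in rule.permissions:
        raise ValueError(f"create is not available on a secret-level rule: {rule.target}")
    return rule

def applies(rule, path):
    """True if the rule targets `path` itself or a parent folder of it."""
    if rule.target == path:
        return True
    if not rule.target_is_folder:
        return False
    # Compare whole path segments so /prod does not match /production-sandbox.
    return path.startswith(rule.target.rstrip("/") + "/")

def effective(rules, principal, path):
    """Union of permissions from every rule that reaches `path` (assumed additive)."""
    perms = set()
    for r in rules:
        if r.principal == principal and applies(r, path):
            perms |= r.permissions
    return perms

def who_can(rules, permission, path):
    """Principals holding `permission` on `path`, directly or through a parent folder."""
    return sorted({r.principal for r in rules
                   if permission in r.permissions and applies(r, path)})

# Constructed sample rules for the review.
RULES = [validate(r) for r in (
    Rule("ops-team", "/prod", True, frozenset({"list", "create"})),
    Rule("dba", "/prod/db", True, frozenset({"list", "reveal"})),
    Rule("auditor", "/prod/db/root-password", False, frozenset({"list"})),
    Rule("dev", "/production-sandbox", True, frozenset({"reveal"})),
)]

if __name__ == "__main__":
    print(who_can(RULES, "reveal", "/prod/db/root-password"))
```

Running `who_can` for Reveal on each secret path shows where a rule linked high in the folder tree exposes plain-text values more widely than intended.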