Agent Function Key Vault Access Policies

Agent Function requires access to Key Vault created in Key Vault to encrypt policy and to access configuration secrets.

  1. From Azure console navigate to Key Vaults, select the Key Vault created in Key Vault.
  2. Select Access policies.
  3. Click Create.
  4. Select the following permissions in Permissions tab: a. Get under Key Management Operations. b. Wrap Key under Cryptographic Operations. c. Get under Secret Permissions.
  5. For Principal provide function identity a. For functions with user-assigned identity enter identity recorded in step Agent Function User-Assigned Managed Identity b. For functions with system-assigned identity enter function name recorded in step Install Agent via ARM template
  6. Proceed Next to Application and Next again to Review + Create.
  7. Review permissions and Create.

Last modified : January 16, 2026