From 3ae70cea6b9fc15fb3862c2d3b56332051837fa6 Mon Sep 17 00:00:00 2001
From: bmc-msft <41130664+bmc-msft@users.noreply.github.com>
Date: Mon, 25 Jan 2021 11:40:36 -0500
Subject: [PATCH] add keyvault management to administrative role (#389)

This is a prerequisite for #326
---
 src/deployment/deployment-role.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/deployment/deployment-role.json b/src/deployment/deployment-role.json
index 3862e736d..03b1bb8af 100644
--- a/src/deployment/deployment-role.json
+++ b/src/deployment/deployment-role.json
@@ -3,6 +3,7 @@
     "Description": "Permissions required for OneFuzz deployment",
     "Actions": [
         "Microsoft.Authorization/locks/*",
+        "Microsoft.Keyvault/vaults/*",
         "Microsoft.Authorization/roleAssignments/write",
         "Microsoft.EventGrid/eventSubscriptions/read",
         "Microsoft.EventGrid/eventSubscriptions/write",
@@ -35,4 +36,4 @@
     "AssignableScopes": [
         "/subscriptions/038d675a-9bbe-4964-9cd1-6d50071a61b5"
     ]
-}
\ No newline at end of file
+}