From 77c42930a6a0cc1bbf53b052a1d40f18be416b9c Mon Sep 17 00:00:00 2001
From: Adam <103067949+AdamL-Microsoft@users.noreply.github.com>
Date: Tue, 11 Apr 2023 10:07:37 -0700
Subject: [PATCH] adding updated key vault policy for Microsoft.Azure.WebSites
 (#3006)

* Fixes permissions on access policy needed for SSL cert syncing
---
 src/deployment/azuredeploy.bicep | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/deployment/azuredeploy.bicep b/src/deployment/azuredeploy.bicep
index fc274e0bb..9c8d3b07b 100644
--- a/src/deployment/azuredeploy.bicep
+++ b/src/deployment/azuredeploy.bicep
@@ -124,6 +124,18 @@ resource keyVault 'Microsoft.KeyVault/vaults@2021-10-01' = {
           ]
         }
       }
+      {
+        objectId: 'abfa0a7c-a6b6-4736-8310-5855508787cd'
+        tenantId: tenantId
+        permissions: {
+          secrets: [
+            'get'
+          ]
+          certificates: [
+            'get'
+          ]
+        }
+      }
     ]
     tenantId: tenantId
   }