Azure Q&A #11 – Azure Key Vault and Deployments

Problem

You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will need to use Azure Key Vault to store secrets. You need to recommend a solution that prevents the IT staff who perform the deployment from retrieving the secrets directly from the Key Vault. How would you do this?

Solution

You will need to set enabledForTemplateDeployment to true in the Key Vault access policies settings. Also, ensure that the user is granted the Microsoft.KeyVault/vaults/deploy/action permission for the resource group.
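
A check of the two settings above, as an added example that is not part of the original page: it audits a Key Vault definition and a role definition, and also confirms the deployer has no direct grant to read secret values. The function names, role names, object IDs and sample data are constructed for illustration, and the check assumes access is assigned to the deployer directly rather than through a group.

```python
from fnmatch import fnmatchcase

DEPLOY_ACTION = "Microsoft.KeyVault/vaults/deploy/action"
GET_SECRET = "Microsoft.KeyVault/vaults/secrets/getSecret/action"  # RBAC data action

def grants(patterns, operation):
    """True if any RBAC pattern (wildcards allowed, case-insensitive) covers operation."""
    return any(fnmatchcase(operation.lower(), p.lower()) for p in patterns)

def audit(vault, role, deployer_id):
    """Return findings; an empty list means the setup matches the solution above."""
    findings = []
    props = vault.get("properties", {})
    if props.get("enabledForTemplateDeployment") is not True:
        findings.append("vault: enabledForTemplateDeployment is not true")
    if (not grants(role.get("Actions", []), DEPLOY_ACTION)
            or grants(role.get("NotActions", []), DEPLOY_ACTION)):
        findings.append("role: deploy/action is not granted")
    if (grants(role.get("DataActions", []), GET_SECRET)
            and not grants(role.get("NotDataActions", []), GET_SECRET)):
        findings.append("role: data actions allow reading secret values")
    for policy in props.get("accessPolicies", []):
        secrets = {s.lower() for s in policy.get("permissions", {}).get("secrets", [])}
        if policy.get("objectId") == deployer_id and secrets & {"get", "all"}:
            findings.append("vault: access policy lets the deployer get secrets")
    return findings

# Constructed sample data; the IDs and role names are placeholders.
DEPLOYER = "00000000-0000-0000-0000-00000000000a"
GOOD_VAULT = {"type": "Microsoft.KeyVault/vaults", "properties": {
    "enabledForTemplateDeployment": True,
    "accessPolicies": [{"objectId": "00000000-0000-0000-0000-00000000000b",
                        "permissions": {"secrets": ["get", "set"]}}]}}
GOOD_ROLE = {"Name": "Key Vault template deployer (example)",
             "Actions": [DEPLOY_ACTION], "NotActions": [],
             "DataActions": [], "NotDataActions": []}
BAD_VAULT = {"type": "Microsoft.KeyVault/vaults", "properties": {
    "enabledForTemplateDeployment": False,
    "accessPolicies": [{"objectId": DEPLOYER,
                        "permissions": {"secrets": ["Get", "List"]}}]}}
BAD_ROLE = {"Name": "Too broad (example)", "Actions": ["Microsoft.Resources/*"],
            "DataActions": ["Microsoft.KeyVault/vaults/secrets/*"]}

if __name__ == "__main__":
    print(audit(GOOD_VAULT, GOOD_ROLE, DEPLOYER))
    for finding in audit(BAD_VAULT, BAD_ROLE, DEPLOYER):
        print(finding)
```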