The ability to read secrets from key vaults.
Abuse Info
Use PowerShell or PowerZure to fetch the certificate from the key vault.
Via PowerZure:
- Get-AzureKeyVaultContent
- Export-AzureKeyVaultcontent
Opsec Considerations
Azure will create a new log event for the key vault whenever a secret is accessed.
References
Updated