The Key Vault Contributor role grants full control of the target Key Vault. This includes the ability to read all secrets stored on the Key Vault.
Abuse Info
You can read secrets and alter access policies (grant yourself access to read secrets)
Via PowerZure:
Opsec Considerations
This will depend on which particular abuse you perform, but in general Azure will create a log event for each abuse.
References
Updated