azure_v1alpha1_keyvault.yaml
# Sample KeyVault custom resource (azure.microsoft.com/v1alpha1).
# Values in angle brackets (<subid>, <tenantID>, <objectID>) are placeholders
# and must be replaced before this manifest is applied.
apiVersion: azure.microsoft.com/v1alpha1
kind: KeyVault
metadata:
  name: keyvaultsample123
  labels: # Provide tags to add to the KeyVault as labels
    tag1: value1
    tag2: value2
spec:
  resourceGroup: resourcegroup-azure-operators
  location: westus
  # Soft delete is switched off in this sample, so a deleted vault and the
  # keys, secrets and certificates in it are not kept for recovery. Set this to
  # true for any vault that holds real material.
  # NOTE(review): Azure has since made soft delete mandatory for new vaults;
  # confirm how the operator and the target API version treat `false`.
  enableSoftDelete: false
  # possible values for sku.Name are "Standard" or "Premium"
  sku:
    name: standard
  networkPolicies:
    # AzureServices lets trusted Azure services reach the vault regardless of
    # the rules below; None removes that exception.
    bypass: AzureServices # AzureServices or None
    # defaultAction applies to traffic that matches no rule. With Allow, such
    # traffic is still admitted, so ipRules and virtualNetworkRules restrict
    # nothing; they only act as an allow-list when this is set to Deny.
    defaultAction: Allow # Allow or Deny
    # NOTE(review): these are RFC 1918 private ranges; Azure documents Key
    # Vault IP rules as accepting public ranges only. Presumably sample
    # values; replace with the real public CIDRs and confirm.
    ipRules:
      - 172.16.0.0/24
      - 172.16.1.0/24
    # Full resource IDs of the subnets allowed to reach the vault.
    virtualNetworkRules:
      - /subscriptions/<subid>/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1
      - /subscriptions/<subid>/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet2
  # Each entry grants the identity named by tenantID/objectID the permissions
  # listed under it. Keep the grants minimal: the sample gives read-only
  # list/get. Permissions such as purge, delete and set are listed as possible
  # values in the inline comments; grant them only to identities that need them.
  accessPolicies:
    - tenantID: <tenantID>
      objectID: <objectID>
      # Use applicationID when providing access to a managed identity
      # applicationID: <appID>
      # We strongly recommend that you do not use the clientID field, it will be removed in a future version of the API
      permissions:
        keys: # backup create decrypt delete encrypt get import list purge recover restore sign unwrapKey update verify wrapKey
          - list
          - get
        secrets: # backup delete get list purge recover restore set
          - list
          - get
        certificates: # backup create delete deleteissuers get getissuers import list listissuers managecontacts manageissuers purge recover restore setissuers update
          - list
          - get
        storage: # backup delete deleteas get getas list listsas purge recover regeneratekey restore set setas update
          - list
          - get