Key Vault has its own Data Plane access policies. In order for
CI/CD pipelines to manage the infrastructure *and* to allow
humans with priviledged access to examine the contents, we
are using a superadmin group.
N.B. this is not relevant if you use Azure RBAC instead of access
policies. At time of writing, this is still in preview.
For details see
https://docs.microsoft.com/en-us/azure/key-vault/general/rbac-guide
Julie Ng
microsoft-github-operations[bot]