Vault secret access to specific group members

I wanted to allow a specific group of people to have permissions like edit and delete on my secrets in Vault.

I created a group with a member as an entity ID (my Vault uses Azure-based login with OIDC). Is there a way I can assign multiple members to a group and assign a policy?

Can anyone help me with how this can be achieved?

You can assign access via Azure AD group membership.

Based on the information you have provided, I’m assuming you’re currently using an internal Identity Group and you probably want to be using an external Identity Group for user membership management.

I’m assuming you don’t want to manage membership within Vault itself, but rather offload that to your existing Azure AD group membership management processes.

If that’s the case then please reference the following links:


If you need further flexibility then combining the two group types could be beneficial (add the external group as a member of an internal group, where the internal group has a policy attached). I’m beginning to experiment with this myself and am finding ways to delegate management of Vault in a more controlled fashion.

If you’re looking to understand how to add more than one member at a time to an internal group, then you need to provide a complete list of members to the group. Adding one at a time will overwrite the existing membership, if I’m remembering correctly.
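The layout the reply describes, as an added example that is not code from the original thread or from HashiCorp: an external identity group whose membership is driven by an Azure AD group through a group alias on the OIDC auth mount, nested as a member of an internal group that carries the policy, plus a read-merge-write helper for the point that writing `member_entity_ids` replaces the whole list. It uses only Vault's HTTP API and the Python standard library. Assumed, and not stated in the thread: `VAULT_ADDR` and `VAULT_TOKEN` are set in the environment, the OIDC auth method is mounted at `auth/oidc/` with a role that sets a `groups_claim`, and the Azure AD group's object ID is the value that claim carries (so it is used as the alias name). The policy text and all IDs are constructed sample values.

```python
"""Added example (not from the thread): Vault identity group setup over the HTTP API.

Assumptions, not stated in the thread: VAULT_ADDR / VAULT_TOKEN in the environment,
OIDC auth mounted at auth/oidc/ with a groups_claim, and the Azure AD group object ID
being the value that claim carries.
"""
import json
import os
import urllib.request

VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")
VAULT_TOKEN = os.environ.get("VAULT_TOKEN", "")

# Constructed sample policy: edit/delete rights on one KV v2 prefix only.
TEAM_POLICY_HCL = """
path "secret/data/team-a/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
path "secret/metadata/team-a/*" {
  capabilities = ["read", "list", "delete"]
}
"""


def vault_request(method, path, body=None):
    """Send one request to the Vault API and return the decoded JSON body ({} on 204)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(f"{VAULT_ADDR}/v1/{path}", data=data, method=method)
    req.add_header("X-Vault-Token", VAULT_TOKEN)
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def auth_mount_accessor(sys_auth_body, mount_path="oidc/"):
    """Pick the accessor of one auth mount out of a GET sys/auth response body."""
    mounts = sys_auth_body.get("data", sys_auth_body)  # newer versions wrap mounts in "data"
    return mounts[mount_path]["accessor"]


def external_group_payload(name):
    """External group: membership is resolved from the alias at login, so no entity list here."""
    return {"name": name, "type": "external"}


def group_alias_payload(aad_group_object_id, mount_accessor, external_group_id):
    """Alias linking the Azure AD group (by the groups_claim value) to the external group."""
    return {"name": aad_group_object_id, "mount_accessor": mount_accessor,
            "canonical_id": external_group_id}


def internal_group_payload(name, policies, member_group_ids=(), member_entity_ids=()):
    """Internal group that carries the policy; the external group is nested as a member group."""
    return {"name": name, "type": "internal", "policies": list(policies),
            "member_group_ids": list(member_group_ids),
            "member_entity_ids": list(member_entity_ids)}


def merged_member_entity_ids(current_group_body, new_entity_ids):
    """A write of member_entity_ids replaces the whole list, so merge with what is already there."""
    current = current_group_body.get("data", {}).get("member_entity_ids") or []
    return sorted(set(current) | set(new_entity_ids))


def setup_groups(aad_group_object_id, policy_name="team-a"):
    """Create policy, external group + alias, and the internal group that grants the policy."""
    vault_request("PUT", f"sys/policies/acl/{policy_name}", {"policy": TEAM_POLICY_HCL})
    accessor = auth_mount_accessor(vault_request("GET", "sys/auth"))
    ext = vault_request("POST", "identity/group", external_group_payload(f"aad-{policy_name}"))
    ext_id = ext["data"]["id"]
    vault_request("POST", "identity/group-alias",
                  group_alias_payload(aad_group_object_id, accessor, ext_id))
    vault_request("POST", "identity/group",
                  internal_group_payload(policy_name, [policy_name], member_group_ids=[ext_id]))
    return ext_id


def add_entities_to_internal_group(group_name, new_entity_ids):
    """Read the current member list, merge, and write the complete list back."""
    current = vault_request("GET", f"identity/group/name/{group_name}")
    merged = merged_member_entity_ids(current, new_entity_ids)
    vault_request("POST", f"identity/group/name/{group_name}", {"member_entity_ids": merged})
    return merged


if __name__ == "__main__":
    # Constructed placeholder object ID; replace with the real Azure AD group object ID.
    print(setup_groups("00000000-0000-0000-0000-000000000000"))
```

Members of the Azure AD group get the policy on their next OIDC login without any change in Vault; direct entity members added through `add_entities_to_internal_group` keep the existing list because the helper merges before writing.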