Which Key to use for Managed Identity in Keyvault

I have a Terraform deployment which runs in an Azure pipeline. Azure Pipelines is connected to Azure via a service connection. This service connection is registered as an application in the Azure AD of the Azure account. The problem I constantly run into is that I can’t remember which ID from the application should be granted Key Vault access so the build pipeline can read and write to Key Vault.

resource "azurerm_key_vault_access_policy" "terraformaccess" {
  key_vault_id = azurerm_key_vault.keyvault.id

  tenant_id = local.tenant_id
  object_id = ???????????????????

  key_permissions = [
    # (permissions not shown)
  ]

  secret_permissions = [
    # (permissions not shown)
  ]

  storage_permissions = [
    # (permissions not shown)
  ]
}

Maybe the value is in the portal somewhere:


It seems to be findable by doing either

Login-AzureRmAccount -SubscriptionId <your subscription id>;
$spn=(Get-AzureRmADServicePrincipal -SPN <the application id>);
echo $spn.Id

or

az ad sp list --spn <the application id>

Then look for ObjectId
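
An added example, not part of the original post: the same lookup done inside Terraform, so the object ID is never copied by hand. The value an access policy needs is the object ID of the service principal (the enterprise application), not the object ID of the app registration. The variable `pipeline_app_id` and the permission lists are assumptions made for illustration; `azurerm_key_vault.keyvault` is the resource from the post.

```hcl
# Added example (not the author's code).

# Case 1: Terraform runs as the pipeline's service connection.
# azurerm_client_config describes the identity the provider is authenticated
# as; object_id is that service principal's object ID.
data "azurerm_client_config" "current" {}

resource "azurerm_key_vault_access_policy" "terraformaccess" {
  key_vault_id = azurerm_key_vault.keyvault.id # resource from the post

  tenant_id = data.azurerm_client_config.current.tenant_id
  object_id = data.azurerm_client_config.current.object_id

  # Constructed sample: grant only what the pipeline actually uses.
  secret_permissions = ["Get", "List", "Set"]
}

# Case 2: the policy is for a different application than the one running
# Terraform. Look its service principal up by application (client) ID.
variable "pipeline_app_id" {
  description = "Application (client) ID of the service connection (hypothetical variable)"
  type        = string
}

data "azuread_service_principal" "pipeline" {
  # Recent azuread provider releases name this argument client_id;
  # older releases call it application_id.
  client_id = var.pipeline_app_id
}

resource "azurerm_key_vault_access_policy" "pipelineaccess" {
  key_vault_id = azurerm_key_vault.keyvault.id

  tenant_id = data.azurerm_client_config.current.tenant_id
  object_id = data.azuread_service_principal.pipeline.object_id

  # Constructed sample: read-only access to secrets.
  secret_permissions = ["Get", "List"]
}
```

Case 2 requires the identity running Terraform to have permission to read service principals in the directory; Case 1 does not query the directory.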