Transition to Azure RBAC

[rcolombo-cdesign]

Hello everyone,

being a beginner in Azure, i received the Transition to Azure RBAC communications, which starts being effective starting from 2026-02-01.

I was wondering if, having one .NET Aspire 9.5 application in production deployed on Azure Container Apps, we have to take any corrective action (both on the current deployment and/or in the code for future releases) or it's not impacting how Aspire use the automatically generated Key Vaults. I do not have any "explicit" key vaults added into my application (only those generated and used by Aspire to manage secrets).

Thanks in advance
Roberto

[vst121]

You shouldn’t need to take any action for your Aspire 9.5 app in this case. The automatically generated Key Vaults that Aspire creates and manages already use the appropriate Azure RBAC permissions under the hood. Since you’re not using any explicit Key Vaults, your current deployment and code won’t be affected by the 2026-02-01 RBAC transition.

For future releases, as long as you continue relying on Aspire-managed Key Vaults (and don’t add custom ones), everything should continue to work normally. The RBAC changes mostly impact scenarios where you manually provision or manage Key Vaults and secrets outside of Aspire.

So, no corrective action is required in your scenario.

[rcolombo-cdesign]

Thanks for the insight, i guessed that since it's Aspire managed it would use the correct permissions from RBAC, but being the first time we go into production with an Aspire setup, it was worth asking!