Merge pull request #756 from dotnet/dtivel/update-readme

clairernovotny · web-flow · commit d018f756bb9f · 2024-08-15T08:44:56.000-04:00
diff --git a/README.md b/README.md
@@ -46,6 +46,8 @@ You should also use the `filter` parameter with the file list to sign, something
   - Key permissions
     - Cryptographic Operations
       - Sign
+    - Key Management Operations
+      - Get  _(Note:  this is only for the public key not the private key.)_
   - Certificate permissions
     - Certificate Management Operations
       - Get
@@ -70,7 +72,7 @@ The following information is needed for the signing build:
 * `Tenant Id` Azure AD tenant
 * `Client Id` / `Application Id` ServicePrincipal identifier
 * `Key Vault Url` Url to Key Vault. Must be a Premium Sku for EV code signing certificates and all certificates issued after June 2023
-* `Certificate Id` Id of the certificate in Key Vault. 
+* `Certificate Id` Id of the certificate in Key Vault.
 * `Client Secret` for Azure DevOps Pipelines
 * `Subscription Id` for GitHub Actions
 
@@ -81,4 +83,4 @@ Code signing certificates must use the `RSA-HSM` key type to ensure the private
 
 ## Migrating from the legacy code signing service
 
-If you've been using the legacy code signing service, using `SignClient.exe` to upload files for signing, you can use your existing certificate and Key Vault with this new tool. You will need to create a new ServicePrincipal and assign it permissions as described above.
+If you've been using the legacy code signing service, using `SignClient.exe` to upload files for signing, you can use your existing certificate and Key Vault with this new tool. You will need to create a new ServicePrincipal and assign it permissions as described above.
