diff --git a/terraform/modules/k8s/main.tf b/terraform/modules/k8s/main.tf
index 21ef4841..9eb7b68d 100644
--- a/terraform/modules/k8s/main.tf
+++ b/terraform/modules/k8s/main.tf
@@ -25,6 +25,9 @@ resource "azurerm_kubernetes_cluster" "k8s" {
     min_count = var.min_count # FIXME: if auto_scaling disabled, set to 0
   }
+  identity {
+    type = "SystemAssigned"
+  }
   lifecycle {
     ignore_changes = [
       default_node_pool.0.node_count
diff --git a/terraform/modules/k8s/outputs.tf b/terraform/modules/k8s/outputs.tf
index e69de29b..a4ecf2a5 100644
--- a/terraform/modules/k8s/outputs.tf
+++ b/terraform/modules/k8s/outputs.tf
@@ -0,0 +1,3 @@
+output "principal_id" {
+  value = azurerm_kubernetes_cluster.k8s.identity[0].principal_id
+}
diff --git a/terraform/modules/keyvault/main.tf b/terraform/modules/keyvault/main.tf
index 53df7d85..51437c45 100644
--- a/terraform/modules/keyvault/main.tf
+++ b/terraform/modules/keyvault/main.tf
@@ -22,19 +22,15 @@ resource "azurerm_key_vault" "keyvault" {
 resource "azurerm_key_vault_access_policy" "keyvault" {
   key_vault_id = azurerm_key_vault.keyvault.id
-  tenant_id = "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
-  object_id = "ca8cfc48-9995-4973-a8cc-6c7f755e84de"
+  tenant_id = data.azurerm_client_config.current.tenant_id
+  object_id = var.principal_id
   key_permissions = [
     "get",
-    "list",
-    "create",
   ]
   secret_permissions = [
     "get",
-    "list",
-    "set",
   ]
 }
diff --git a/terraform/modules/keyvault/variables.tf b/terraform/modules/keyvault/variables.tf
index f6b7b429..2333d228 100644
--- a/terraform/modules/keyvault/variables.tf
+++ b/terraform/modules/keyvault/variables.tf
@@ -22,3 +22,8 @@ variable "tenant_id" {
   type = string
   description = "The Tenant ID"
 }
+
+variable "principal_id" {
+  type = string
+  description = "The service principal_id of the k8s cluster"
+}
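Review bot: The exported `principal_id` in outputs.tf is the cluster's control-plane (system-assigned) identity, which is not the identity the kubelet or pods present when they read Key Vault; if the Key Vault policy fed by this output is meant to let workloads (for example a secrets CSI driver) fetch secrets, the kubelet identity (`azurerm_kubernetes_cluster.k8s.kubelet_identity[0].object_id`) is likely the principal that needs the grant, and exporting it alongside would make that choice explicit. Either way, a `description = "Principal ID of the AKS control-plane system-assigned identity (not the kubelet identity)"` on the output would tell the consumer which identity it is granting access to. The output block is complete within the hunk.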
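Review bot: In keyvault/main.tf the access policy's `tenant_id` now comes from `data.azurerm_client_config.current`, i.e. the tenant of whoever runs terraform, while the same module declares a `var.tenant_id` input (visible in the variables.tf hunk) that the vault itself is presumably created with; an access policy whose tenant differs from the vault's tenant is rejected by Azure, so `tenant_id = var.tenant_id` keeps the two in lockstep and avoids depending on the operator's login context. Please also confirm a `data "azurerm_client_config" "current"` block exists in this module, since it is not visible in the hunk. Replacing the hard-coded object_id with the cluster identity and trimming both permission lists to `get` is the right least-privilege direction; if a workload later needs to enumerate secrets, `list` should be re-added deliberately with a comment rather than by reverting this change.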
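Review bot: The description `The service principal_id of the k8s cluster` in variables.tf is misleading, because the value wired in from the k8s module is the `principal_id` of the cluster's system-assigned managed identity, not a service principal; `description = "Object (principal) ID of the AKS cluster's system-assigned managed identity that is granted get access to the vault"` states what is actually expected. Because this value directly determines who can read vault secrets, a `validation` block checking it is a non-empty GUID would surface an empty or mis-wired value at plan time rather than after a policy has been created for the wrong object.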