diff --git a/keyvault.tf b/keyvault.tf
index 8438cbf769..2e2f2eedfd 100755
--- a/keyvault.tf
+++ b/keyvault.tf
@@ -29,6 +29,7 @@ module "keyvault_access_policies" {
   azuread_groups = module.azuread_groups
   logged_user_objectId = local.client_config.logged_user_objectId
   logged_aad_app_objectId = local.client_config.logged_aad_app_objectId
+  managed_identities = module.managed_identities
 }
 
 # Need to separate keyvault policies from azure AD apps to get the keyvault with the default policies.
@@ -44,7 +45,6 @@ module "keyvault_access_policies_azuread_apps" {
 }
-
 output keyvaults {
   value = module.keyvaults
 }
diff --git a/modules/security/keyvault_access_policies/policies.tf b/modules/security/keyvault_access_policies/policies.tf
index 9cbf84e2e1..dd1d4d65da 100755
--- a/modules/security/keyvault_access_policies/policies.tf
+++ b/modules/security/keyvault_access_policies/policies.tf
@@ -55,11 +55,24 @@ module object_id {
   source = "./access_policy"
   for_each = {
     for key, access_policy in var.access_policies : key => access_policy
-    if key == "object_id" && var.logged_aad_app_objectId != null
+    if try(access_policy.object_id, null) != null && var.logged_aad_app_objectId != null
   }
 
   keyvault_id = var.keyvault_id
   access_policy = each.value
   tenant_id = try(each.value.tenant_id, var.tenant_id)
   object_id = each.value.object_id
+}
+
+module managed_identity {
+  source = "./access_policy"
+  for_each = {
+    for key, access_policy in var.access_policies : key => access_policy
+    if try(access_policy.managed_identity_key, null) != null && var.managed_identities != {}
+  }
+
+  keyvault_id = var.keyvault_id
+  access_policy = each.value
+  tenant_id = var.tenant_id
+  object_id = var.managed_identities[each.value.managed_identity_key].principal_id
 }
\ No newline at end of file
diff --git a/modules/security/keyvault_access_policies/variables.tf b/modules/security/keyvault_access_policies/variables.tf
index 7a534e94b5..4c6b9731ec 100755
--- a/modules/security/keyvault_access_policies/variables.tf
+++ b/modules/security/keyvault_access_policies/variables.tf
@@ -21,3 +21,6 @@ variable azuread_groups {
 variable azuread_apps {
   default = {}
 }
+variable managed_identities {
+  default = {}
+}
\ No newline at end of file
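Review bot: In the policies.tf hunk the two for_each filters are not mutually exclusive: an access_policies entry that carries both an `object_id` and a `managed_identity_key` now passes the widened `module object_id` filter and the new `module managed_identity` filter, so the same entry is handed to ./access_policy twice, and if both resolve to one principal the duplicate (tenant, object) policy would presumably be rejected or overwritten at apply time — worth confirming in the access_policy submodule, which is outside the hunk. Replacing `key == "object_id"` with `if try(access_policy.object_id, null) != null` also means any entry handled by one of the sibling modules earlier in this file that happens to include an object_id attribute gains a second policy; those modules, like the opening line of `module object_id`, are outside the hunk. `var.managed_identities != {}` is a weak guard: a non-empty map that lacks the referenced key still fails at plan time inside `var.managed_identities[each.value.managed_identity_key].principal_id` with a bare index error, so `length(var.managed_identities) > 0` states the intent more directly, and a comment such as `# a managed_identity_key missing from var.managed_identities is a configuration error and must fail the plan` records that the hard failure is deliberate rather than an oversight.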
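Review bot: The new `variable managed_identities` documents neither its shape nor its purpose, yet policies.tf indexes it as `var.managed_identities[<managed_identity_key>].principal_id` and compares it against the `{}` default, so a caller passing anything other than a map of objects with a `principal_id` attribute only finds out at plan time. A `description = "Map of managed identities keyed by the managed_identity_key referenced in access_policies; each element must expose principal_id"` would make the contract visible where the variable is declared. A `type` constraint would be stricter still, but the neighbouring `variable azuread_apps` also omits one, so that is a question of consistency for the module as a whole rather than this hunk alone.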