Status: IN
Key Vault secrets follow a permissive read model that differs from typical access-controlled resources: the 25 KB size limit constrains stored content, the contentType field is an optional unvalidated hint (max 255 chars, no predefined values), and the get operation succeeds on both expired and not-yet-valid secrets — meaning nbf/exp date controls are advisory for reads, not enforcement boundaries.