For some reason, I couldn't use the set-azkeyvaultpolicy the way your example did. specifically, I grabbed the identity thus:
$identity = Get-AzSqlServer -ServerName myservernamehere
but I had to use -ObjectId instead of ServicePrincipalName
set-azkeyvaultaccesspolicy -VaultName $keyvault.VaultName -ObjectId $identity.Identity.PrincipalId -PermissionsToKeys wrapkey,unwrapkey,get