not able to change access configuration policy
CODE InsufficientPermissions MESSAGE RAW ERROR Caller is not allowed to change permission model. For more information on how to change the permissions model follow this link: https://go.microsoft.com/fwlink/?linkid=2155160. Details:…
Access to read Key Vault using registered app user
Have registered an app called 'DevUAT' under Microsoft Entra Id. Created ClientID and Client Secret, Created a Key vault. Created secret and key Added 'DevUAT' to the key vault as owner When accessing the key vault and reading the secret get access…
ERROR | Azure Key Vault access from Python application in Azure Kubernetes Service
I have a python application in AKS where I need to read the secrets from Azure key vault. I am using: credential = DefaultAzureCredential(logging_enable=True) client = SecretClient(vault_url=KV_URI, credential=credential) secret =…
Application gateway listener error when trying to use key vault certificate using managed identity and RBAC
Hi, I'm trying to setup a listener in application gateway to use a certificate from keyvault using managed identity. But every time whne I choose in portal the managed identity and then select the key vault from the dropdown menu I get this error: …
Could someone supply a comprehensive list of files that can be digitally signed with Azure Sign Tool using Azure Key Vault?
Is there a comprehensive list of all files that could be digital signed? For example: .dll, .exe, .cab, ect...
Cloud Service and Keyvault are in different subscriptions
I am using KeyVaultExtension to CSES in my deployment arm template to download and install the certificate automatically by following the doc Apply the Key Vault VM extension in Azure Cloud Services (extended support) | Microsoft Learn This is where…
Unable to create a cert in Azure keyvault
I am attempting to create a new cert in Azure Keyvault and it continues to fail. I am a keyvault admin and certificate officer for the keyvault and I created the access policy and gave the account full permission (following the link included…
Is it safe to add the global "Microsoft Azure App Service" to Key Vault Role Assignments
Unfortunately, it seems that KeyVault Certificates are currently still in an unstable state where RBAC is not properly implemented. Further details of the specifics and a solution to the problem can be seen here…
Why do I get the error "Signing failed with error 800B0106" when signing an Office file including VBA project with a self-signed certificate?
Hi, I have created a self-signed certificate in Azure Key Vault (4k key, default settings). I can use it to sign exe files, but I get the error "Signing failed with error 800B0106" when trying to sign an Excel XLSM file including VBA scripts.…
how to connect to Azure Key Vault using CSI driver in an Azure Kubernetes Service (AKS) cluster
I followed this post https://video2.skills-academy.com/en-us/azure/service-connector/tutorial-python-aks-keyvault-csi-driver?tabs=azure-portal It is ok with KV secret, but I want to use the KV cert. I got the error message: The certificate certificate does not…
How to create a new API connection inside Azure logic app flow using the credentials from Azure Key vault
I have an azure logic app that needs to send message using Twilio connector. How to get the Account ID and Access token to establish connection with Twilio from the Key vault? Currently I am using the connector directly in the logic app where it…
Access policies not available
I am getting 'Access policies not available' in key vault > access policies..... I assigned all key vault related....... roles..... I changed permission model to vault access policy" also from Access configuration. still getting same issue..…
How to decommission an old Root CA and Issuing CA after the new ones are already in live
I wanted to remove or decommission the old Root CA and the issuing CA. Already have the new Root CA and the issuing CA. Wanted to know the step by step process how to check the live certificates in the old CAs and then decommission them.
Azure Machine Learning workspace cannot access Datastore, Container Registry
Hi, I have created an Azure Machine Learning workspace, giving it a user-assigned identity. This identity has both a contributor role over the whole resource group, and a Key Vault Secrets Officer role over the key vault used by the AML workspace It was…
"Successfully imported Key Vault Certificate, but failed to configure SSL binding"
I have a number of certificates in my Azure Key Vault, which were all generated the same way. I also have a number of Web App Services, which were all created the same way. But sometimes, when I add a custom domain to an App Service, and then try to bind…
Azure Marketplace Application offering with secrets for Container Registry access
I'm creating an Azure Marketplace Application offering that includes the provisioning of Azure Container Apps to customers' tenants. These Container Apps must pull their image from an Azure Container Registry on my tenant (publisher). I have trouble…
Failed to add the secret in Azure Front Door - BYOC
I am trying to setup a custom domain in azure front door for a wildcard domain. Also I have Import the certificate for the wildcard ssl in key vault as well . But when I am trying to add the secrets in the Azure Front Door I am getting this error…
Azure Keyvault: The operation is not allowed by RBAC.
Hi, I am the owner of the subscription, i have created the azure keyvault and when I am trying to add a new secret, I get the following error message. The operation is not allowed by RBAC. If role assignments were recently changed, please wait…
data factory managed identity is not being identified as a trusted service by keyvault
We have an issue with an ADF pipeline, when attempting to reach a secret from a KV in the same RG, the connection fails with the following error: "Client address is not authorized, and caller is not a trusted service" The setup is made…
Key vault for Application gateway and App service
Hi, I have certificate from Well known CA and its been use by Application Gateway and App service. The application is working fine. My query is about Key Vault. Shall we create 2 different key vault 1x for Application Gateway and 1x for App service…