Connection is not an approved private link; connecting acr cache credential set to keyvault with private endpoint

Maxim de Bie 10 Reputation points
2024-08-15T14:54:06.43+00:00

Hi,

I'm trying to bicep cache rules for docker.io and they require a credentialset. I managed to create a credentialset for my acr but I get the following error when it tries to get the credentials from my private keyvault:

"errorCode": "Forbidden",
"errorMessage": "Connection is not an approved private link and caller was ignored because bypass is not set to 'AzureServices' and PublicNetworkAccess is set to 'Disabled'. \r\nVault: 

1 answer

  1. Akhilesh 8,870 Reputation points Microsoft Vendor
    2024-08-19T09:54:40.14+00:00

    Hi @Maxim de Bie

    Thank you for reaching us!

    I understand that when you try to get the credentials from Key Vault, you are getting the error message below:
    "Connection is not an approved private link and caller was ignored because bypass is not set to 'AzureServices' and PublicNetworkAccess is set to 'Disabled'"

    This error occurs when public access to Key Vault is disabled and the option to 'Allow trusted Microsoft services to bypass this firewall' is unchecked, as shown below.

    And the service or device you are accessing this KeyVault from is not using the allowed private IP.

    To address the issue, navigate to your Key Vault in the Azure portal, choose the Networking blade, choose 'Allow public access from specific virtual networks and IP addresses', and include your device's IP address in that list to resolve the problem.

    Also, if you are trying to access the vault through a Trusted Microsoft service, then configure the settings to 'Allow trusted Microsoft services to bypass this firewall'.

    *Please do correct me if this is not the case by responding in the comments section; also do share the screenshot to validate the error generating step.*

    Hope this helps. Please do let me know if you have any further queries, by responding in the comments section.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
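
The two Key Vault networking options from the answer, expressed as Bicep properties since the question deploys with Bicep. This is an added example, not code from the thread: the parameter names, the API version and the IP address are assumptions, and the thread does not confirm that the registry's credential set is covered by the trusted-services bypass.

```bicep
// Added example. vaultName, allowSelectedNetworks and allowedIp are hypothetical
// parameters; the address is a constructed documentation value (RFC 5737).
param location string = resourceGroup().location
param vaultName string
param allowSelectedNetworks bool = false
param allowedIp string = '203.0.113.10/32'

resource vault 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: vaultName
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: {
      family: 'A'
      name: 'standard'
    }
    // Assumption: the vault uses Azure RBAC rather than access policies.
    enableRbacAuthorization: true

    // 'Disabled' together with bypass 'None' is the combination named in the
    // Forbidden error. 'Enabled' plus defaultAction 'Deny' corresponds to
    // "Allow public access from specific virtual networks and IP addresses".
    publicNetworkAccess: allowSelectedNetworks ? 'Enabled' : 'Disabled'

    networkAcls: {
      // Portal checkbox: "Allow trusted Microsoft services to bypass this firewall".
      bypass: 'AzureServices'
      // Keep Deny so only listed addresses, the bypass and private endpoints get in.
      defaultAction: 'Deny'
      ipRules: allowSelectedNetworks ? [
        {
          value: allowedIp
        }
      ] : []
      virtualNetworkRules: []
    }
  }
}

// Surface the effective settings so a deployment log shows what was applied.
output effectiveBypass string = vault.properties.networkAcls.bypass
output effectivePublicAccess string = vault.properties.publicNetworkAccess
```

Leaving `allowSelectedNetworks` at `false` keeps the vault closed to public traffic and relies only on the bypass and private endpoints, which is the narrower of the two changes.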

