Question

jmjf on Tue, 14 Apr 2015 00:56:50


I have done the following...

  • Set up the Key Vault against my Azure subscription using Azure PowerShell and validated that it is correct
  • Set the permissions up so that all permissions are granted for keys
  • Downloaded the "Microsoft Azure Key Vault Library 0.9.0-preview" client libraries
  • There were some build issues so I set the solution to restore NuGet packages and the solution then builds
  • When I run the unit tests I get 8 failed tests - mainly related to secrets
  • This is on the line below in the KeyVaultClient

using ( var response   = await this.SendAsync<SecretRequestMessage>( "PUT", CreateSecretUrl( identifier.BaseIdentifier ), request ).ConfigureAwait( false ) )

Is this an issue that anyone else has experienced? 







Replies

Rahul P Nath on Thu, 16 Apr 2015 16:33:36


How have you set up the permissions to the application? Could you specify the script that you have used? To access secrets you also need to set the PermissionsToSecrets as shown below:

Set-AzureKeyVaultAccessPolicy -VaultName 'VaultName' -ServicePrincipalName 'principalname' -PermissionsToKeys all -PermissionsToSecrets all

You can set it to 'all' if you want to perform all actions.

Yihui Guo on Thu, 16 Jun 2016 14:36:51


Hi, I encountered a similar question.

I wrote an API with reference to the Microsoft.Azure.KeyVault class; it is using clientId and certificate to authenticate. I am inserting and querying secrets like client.SetSecretsAsync() and client.GetSecretsAsync().

It worked fine when I manually create a key vault and grant secret permission to the clientId above.

However, it becomes tricky when I am trying to create the key vault automatically with the KeyVault REST API.

I have already granted the client id with all permissions to secrets while creating the vault with the PUT method, and the vault was created successfully, but when I try to use client.SetSecretsAsync() again, I have this in Fiddler:

{"error":{"code":"Forbidden","message":"Operation \"set\" is not allowed"}}

Seems like the client is not using the proper clientid with proper authorization, but how come?

Is it possible to fix this issue? THX
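
An added example, not part of any post in this thread and not Microsoft's code: a Python check over a vault definition that reports whether a given object ID is granted a given key or secret operation, which makes visible that key and secret permissions are separate lists in each access policy entry. The sample request body and every GUID in it are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample of a vault-creation request body (ARM shape:
# properties.accessPolicies[].permissions). All GUIDs are placeholders.
VAULT_BODY = json.loads("""
{
  "location": "westus",
  "properties": {
    "tenantId": "00000000-0000-0000-0000-0000000000aa",
    "sku": {"family": "A", "name": "standard"},
    "accessPolicies": [
      {"tenantId": "00000000-0000-0000-0000-0000000000aa",
       "objectId": "11111111-1111-1111-1111-111111111111",
       "permissions": {"keys": ["all"]}},
      {"tenantId": "00000000-0000-0000-0000-0000000000aa",
       "objectId": "22222222-2222-2222-2222-222222222222",
       "permissions": {"keys": ["get"], "secrets": ["Get", "Set"]}}
    ]
  }
}
""")


def granted_ops(vault, object_id, kind):
    """Permissions of one kind ("keys" or "secrets") held by object_id, or None
    when no access policy entry names that objectId at all."""
    entries = [p for p in vault.get("properties", {}).get("accessPolicies", [])
               if p.get("objectId", "").lower() == object_id.lower()]
    if not entries:
        return None
    ops = set()
    for entry in entries:
        # Names are lower-cased so "Set" and "set" compare equal (this checker's choice).
        ops |= {op.lower() for op in entry.get("permissions", {}).get(kind, [])}
    return ops


def check_permission(vault, object_id, kind, operation):
    """Return (allowed, reason) for one principal and one vault operation."""
    ops = granted_ops(vault, object_id, kind)
    if ops is None:
        return False, "no access policy entry for this objectId"
    if "all" in ops or operation.lower() in ops:
        return True, "granted"
    other = "keys" if kind == "secrets" else "secrets"
    if not ops and granted_ops(vault, object_id, other):
        return False, f"entry grants {other} permissions only, none for {kind}"
    return False, f'"{operation}" is not among the {kind} permissions {sorted(ops)}'
```

Run it against the body sent in the PUT, or against the vault definition read back afterwards, using the object ID of the principal that the client actually authenticates as.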

SwatiBabber on Tue, 16 Aug 2016 06:36:41


Hi,

I am also facing the same issue, even after setting the permissions right.

Did it work for anybody? Can you please suggest anything?