I am accessing KeyVault with the .NET client with an AAD application. Although all permissions under secrets are enabled for this AAD app (screenshot below), I am getting "The operation "List" is not enabled in this key vault's access policy" if I navigate to the Secret panel.
I would like to be able to set the permissions via the AAD application and so using PowerShell wouldn't be an option.
If I set the permissions via PowerShell, it does work.
How I'm creating my access policies:
    var accessPolicy = new AccessPolicyEntry
    {
        ApplicationId = app,
        ObjectId = Obid,
        PermissionsRawJsonString = "{ \"keys\": [ \"all\" ], \"secrets\": [ \"all\" ], \"certificates\": [ \"all\" ] }",
        TenantId = ten,
    };
    return accessPolicy;
which gives me
Then the list error appears and so I have to use
    Set-AzureRmKeyVaultAccessPolicy -VaultName vaultname -ResourceGroupName location -ObjectId obid -PermissionsToKeys all -PermissionsToSecrets all
That will get rid of the error, but I would much prefer a solution that lets me resolve this with the .NET SDK.
To access Azure Key Vault, you'll need an Azure subscription. If you don't already have a subscription, create a free account before you begin. All access to secrets takes place through Azure Key Vault. For this quickstart, create a key vault using Azure portal, Azure CLI, or Azure PowerShell.
Lock down access to your subscription, resource group, and key vaults (role-based access control (RBAC)). Create access policies for every vault. Use the principle of least privilege access to grant access. Turn on firewall and virtual network service endpoints.
Got the error:
The operation "List" is not enabled in this key vault's access policy.
You are unauthorized to view these contents.
The key here was to look at "You are unauthorized to view these contents."
Navigate to Access policies and add your currently logged in user as principal with at least List privilege:
You can now view secrets if there are any:
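The portal fix described above, scripted with the AzureRM cmdlets the question already uses, as an added example that is not part of the original posts: it checks whether the signed-in user has its own access policy entry with List on secrets and grants only that permission if it is missing. The vault name, resource group and user principal name are placeholders, the helper function name is hypothetical, and an AzureRM session that is already signed in is assumed.

```powershell
# Added example, not from the original posts. All values below are placeholders.
$VaultName     = 'vaultname'          # placeholder, as in the question
$ResourceGroup = 'location'           # placeholder, as in the question
$UserUpn       = 'user@example.com'   # constructed: the account signed in to the portal

# Hypothetical helper: secret permissions held by the principal's own entries.
function Get-OwnSecretPermission {
    param(
        $AccessPolicies,
        [Parameter(Mandatory)] [string] $ObjectId
    )
    # Count only entries for this principal alone. An entry that also carries an
    # ApplicationId covers requests made through that application on the
    # principal's behalf, not the principal's own portal session.
    $own = @($AccessPolicies | Where-Object {
        "$($_.ObjectId)" -eq $ObjectId -and -not $_.ApplicationId
    })
    @($own | ForEach-Object { $_.PermissionsToSecrets } |
        Where-Object { $_ } | Select-Object -Unique)
}

$user  = Get-AzureRmADUser -UserPrincipalName $UserUpn
$vault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup

$current = @(Get-OwnSecretPermission -AccessPolicies $vault.AccessPolicies `
                                     -ObjectId "$($user.Id)")

if ($current -contains 'list' -or $current -contains 'all') {
    Write-Output "$UserUpn can already list secrets in $VaultName."
}
else {
    # Least privilege: add only 'list'. The existing secret permissions are
    # passed along with it so that nothing already granted is dropped.
    $wanted = @($current) + 'list'
    Set-AzureRmKeyVaultAccessPolicy -VaultName $VaultName `
        -ResourceGroupName $ResourceGroup `
        -ObjectId $user.Id `
        -PermissionsToSecrets $wanted
    Write-Output "Granted secrets 'list' to $UserUpn on $VaultName."
}

# Review the result: who holds which secret permissions on this vault.
(Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup).AccessPolicies |
    Select-Object DisplayName, ObjectId, ApplicationId, PermissionsToSecrets
```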