I logged in to Azure PowerShell using a service principal with a certificate, like this:
Add-AzureRmAccount -ServicePrincipal -CertificateThumbprint $thumbprint -ApplicationId $applicationid -TenantId $tenant
Then I tried to get an Azure secret:
$b = Get-AzureKeyVaultSecret -VaultName $keyVaultName -Name 'AccountKey'
But I get an error:
"get" is not allowed
I thought I gave read access, like this:
New-AzureRmRoleAssignment -RoleDefinitionName Reader -ServicePrincipalName $azureAdApplication.ApplicationId.Guid
Any suggestions?
You do not have the correct access policies. Give Get permissions to the service principal with Set-AzureRmKeyVaultAccessPolicy:
Set-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ServicePrincipalName 'http://payroll.contoso.com' -PermissionsToSecrets Get
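An added example, not part of the original question or answer: it grants the service principal only Get on secrets and then reads the vault's access policies back to confirm that nothing broader is in place. The vault name and application id are constructed placeholders, and the script assumes it is run by an account that is allowed to change the vault's access policies.

```powershell
# Constructed placeholder values for this example; replace with your own.
$keyVaultName  = 'example-vault'
$applicationId = '00000000-0000-0000-0000-000000000000'

# Run this signed in as an account that may edit the vault's access policies,
# not as the service principal that only holds the Reader role.

# Resolve the service principal so its policy entry can be found by object id.
$sp = Get-AzureRmADServicePrincipal -ServicePrincipalName $applicationId
if (-not $sp) { throw "No service principal found for application id $applicationId" }

# Grant only Get on secrets (no List, Set or Delete).
Set-AzureRmKeyVaultAccessPolicy -VaultName $keyVaultName `
    -ServicePrincipalName $applicationId `
    -PermissionsToSecrets Get

# Read the vault back and locate the entry for this principal.
$vault  = Get-AzureRmKeyVault -VaultName $keyVaultName
$policy = $vault.AccessPolicies |
    Where-Object { "$($_.ObjectId)" -eq "$($sp.Id)" }

if (-not $policy) {
    throw "Vault $keyVaultName has no access policy for $applicationId"
}
if ($policy.PermissionsToSecrets -notcontains 'Get') {
    throw "Access policy for $applicationId does not include Get on secrets"
}

# Flag anything beyond Get so over-broad grants are visible in review.
$extra = @($policy.PermissionsToSecrets | Where-Object { $_ -ne 'Get' })
if ($extra.Count -gt 0) {
    Write-Warning "Additional secret permissions granted: $($extra -join ', ')"
}

# Summary of what this principal can do in the vault.
$policy | Select-Object DisplayName, PermissionsToSecrets, PermissionsToKeys, PermissionsToCertificates
```

Once the check passes, the `Get-AzureKeyVaultSecret` call from the question can be retried while logged in as the service principal.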