I am trying to create a "secret value" using Azure Key Vault. I am following a tutorial from Microsoft located here ... https://azure.microsoft.com/en-us/documentation/articles/key-vault-get-started/
I was able to create a Key Vault using ...
New-AzureRmKeyVault -VaultName 'MyKeyVaultName' -ResourceGroupName 'MyResourceGroup' -Location 'West US'
I can also verify it was created by using ...
Get-AzureRmKeyVault
I am able to create the secret value by using the following ...
$secretvalue = ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force
However when I try to set the key ...
$secret = Set-AzureKeyVaultSecret -VaultName 'MyKeyVaultName' -Name 'SQLPassword' -SecretValue $secretvalue
I get an error that says
Set-AzureKeyVaultSecret : Operation "set" is not allowed
I thought that I had gained all access to the Key Vault by creating it? Do I need to add specific permissions?
Here is a screen capture of the error from PowerShell
This error usually comes when the application/user doesn't have permission to access the resource, Key Vault in this case, which is secured by an Azure AD tenant. It seems the access policy has not been defined for the security principal, which can be an application or user group, to perform different operations on Key Vaults.
You can only change secret attributes such as expiration date and activation date. You cannot change a secret's value programmatically or via the Azure Portal. If you want to update your secret without creating a new vault (meaning the secret identifier still remains intact), you can create a new version of the existing secret.
Likely a permissions issue. Try the following:
Set-AzureRmKeyVaultAccessPolicy -VaultName '{your vault name}' -UserPrincipalName '{your account email}' -PermissionsToKeys all -PermissionsToSecrets all
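A narrower variant of the access-policy fix above, as an added example that is not part of any answer on this page: it reports which secret permissions a principal lacks, so that only those are granted instead of `all`. The function name `Get-MissingSecretPermission`, the sample vault object and the placeholder object ID are constructed for illustration; the object is assumed to have the same shape as the output of `Get-AzureRmKeyVault -VaultName`.

```powershell
# Added example (not from the original thread).
# Reports which secret permissions one principal is missing on a vault.
function Get-MissingSecretPermission {
    param(
        [Parameter(Mandatory)] $Vault,              # shaped like Get-AzureRmKeyVault -VaultName output
        [Parameter(Mandatory)] [string]   $ObjectId, # Azure AD object ID of the user or application
        [Parameter(Mandatory)] [string[]] $Needed    # e.g. 'set', 'get', 'list'
    )
    # Find the access policy entry for this principal, if there is one.
    $policy  = $Vault.AccessPolicies | Where-Object { $_.ObjectId -eq $ObjectId }
    $granted = @()
    if ($policy) { $granted = @($policy.PermissionsToSecrets) }

    # 'all' covers every secret operation; -contains is case-insensitive.
    if ($granted -contains 'all') { return @() }
    return @($Needed | Where-Object { $granted -notcontains $_ })
}

# Constructed sample: a principal that can read secrets but not write them.
$sampleId    = '00000000-0000-0000-0000-000000000001'   # placeholder object ID
$sampleVault = [pscustomobject]@{
    VaultName      = 'MyKeyVaultName'
    AccessPolicies = @(
        [pscustomobject]@{
            ObjectId             = $sampleId
            PermissionsToKeys    = @('get', 'list')
            PermissionsToSecrets = @('get', 'list')
        }
    )
}

$missing = @(Get-MissingSecretPermission -Vault $sampleVault `
                                         -ObjectId $sampleId `
                                         -Needed 'set', 'get', 'list')
"Missing secret permissions: $($missing -join ', ')"

# Against a live vault (AzureRM module, already signed in), pass the real
# vault object and then grant only the secret permissions that are required:
# $vault = Get-AzureRmKeyVault -VaultName 'MyKeyVaultName'
# Set-AzureRmKeyVaultAccessPolicy -VaultName 'MyKeyVaultName' `
#     -UserPrincipalName '{your account email}' `
#     -PermissionsToSecrets set,get,list
```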
The problem you are having is that you are not creating a key to attach a secret to. You need to call Add-AzureKeyVaultKey to create that key, like this:
$vault = Get-AzureRmKeyVault
$secretvalue = ConvertTo-SecureString 'Pa$$w0rd' `
    -AsPlainText -Force
$key = Add-AzureKeyVaultKey -VaultName $vault.VaultName `
    -Name Test01 `
    -Destination Software
(Get-AzureKeyVaultSecret -VaultName $vault.VaultName `
    -Name test01).SecretValueText
which returns
Pa$$w0rd