Retrieve client id for pipeline service principal in Azure Pipeline

In my Azure Pipeline (YAML), I am deploying an ARM template to create a key vault (among other resources), then running a PowerShell script to generate a certificate and store it in the key vault. This gives me a Forbidden error. In "Use secrets from Azure Key Vault in Azure Pipelines", Microsoft suggests that I need to create an access policy on the key vault for the pipeline service principal. When I do this, the script succeeds.


I would now like to create this access policy programmatically as part of the ARM template, but I don't know how to retrieve the object id for the pipeline service principal programmatically within the pipeline. Could someone please help?

14207973 asked Oct 27 '25 06:10


1 Answer

Whilst Hugh Lin's answer is valid, I found it simpler to adapt Nick Graham's answer for granting key vault access to the pipeline service principal as part of the PowerShell script itself:

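# In the pipeline's Azure PowerShell context, Account.Id identifies the pipeline service principal.
$Context = Get-AzContext
# Grant that principal only the certificate permissions the script needs.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ServicePrincipalName $Context.Account.Id -PermissionsToCertificates Get,List,Create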
14207973 answered Oct 30 '25 07:10
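
Added example (not part of the original question or answer): for the ARM-template route the question asks about, one way to resolve the pipeline principal's object id inside an Azure PowerShell task, pass it to the deployment, and then check that the resulting access policy is no broader than the answer's Get, List, Create on certificates. The resource group, vault name, template path and the `pipelinePrincipalObjectId` template parameter are hypothetical names; `Get-AzADServicePrincipal` queries the directory, so the pipeline identity is assumed to have permission to read service principals.

```powershell
# Added example. Placeholders: resource group, template file, vault name.
# 'pipelinePrincipalObjectId' is a hypothetical parameter that your ARM
# template would feed into the key vault's accessPolicies[].objectId.
$ErrorActionPreference = 'Stop'
$resourceGroup = '<resource-group>'
$templateFile  = './azuredeploy.json'
$vaultName     = '<vault-name>'
$expected      = 'Create', 'Get', 'List'

# Account.Id is the application (client) id when the task runs as a
# service principal; anything that is not a GUID is some other login type.
$appId   = [guid]::Empty
$context = Get-AzContext
if (-not [guid]::TryParse($context.Account.Id, [ref]$appId)) {
    throw "Context account '$($context.Account.Id)' is not an application id."
}

# Access policies in ARM templates need the object id, not the client id.
$sp = Get-AzADServicePrincipal -ApplicationId $appId
if (-not $sp) { throw "No service principal found for application $appId." }

New-AzResourceGroupDeployment -ResourceGroupName $resourceGroup `
    -TemplateFile $templateFile `
    -TemplateParameterObject @{ pipelinePrincipalObjectId = $sp.Id }

# Verify the deployed policy: exactly the expected certificate permissions,
# and no key or secret permissions for the pipeline identity.
$vault  = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroup
$policy = $vault.AccessPolicies | Where-Object { $_.ObjectId -eq $sp.Id }
if (-not $policy) { throw "No access policy for object id $($sp.Id)." }

$granted = @($policy.PermissionsToCertificates | ForEach-Object { "$_" })
if ($granted.Count -eq 0 -or
    (Compare-Object -ReferenceObject $expected -DifferenceObject $granted) -or
    $policy.PermissionsToKeys -or $policy.PermissionsToSecrets) {
    throw "Access policy for $($sp.Id) differs from Get, List, Create on certificates."
}
Write-Host "Access policy for $($sp.Id) matches the expected certificate permissions."
```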


