I am updating key vault access policies from azure devops yaml pipeline. below is the standard code.
- task: AzureCLI@2
  displayName: "Set KeyVault access policy for Web App"
  inputs:
    azureSubscription: "$(serviceConnection1)"
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
      az keyvault set-policy -n '$(KeyVaultName)' --secret-permissions get list --object-id '$(appId)'
The task succeeds, but it also fails a lot of the time with the error
"vault not found in the subscription". The service principal has Contributor rights on the key vault.
The key vault's network setting is "All networks", hence there are no firewall rules.
I am pretty certain there is no technical error here, but the task fails quite often with this error. Any help would be great.
This occurs when there are too many vaults in the subscription.
For example, if I run
az keyvault show --name $keyvaultName --resource-group "$azureSubscription-rg"
it works fine, but if I then run
az keyvault set-policy --name $keyvaultName --object-id $principalObjectId --secret-permissions all
it errors saying vault not found. What I discovered with --debug is that the payload received is large and doesn't contain the vault I'm looking for with set-policy.
What worked for me was this:
az keyvault set-policy --name $keyvaultName --object-id $principalObjectId --secret-permissions all --resource-group "$azureSubscription-rg"
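For readers who want to drop the fix straight into the pipeline, here is the questioner's AzureCLI@2 task rewritten with `--resource-group` added, a fail-fast lookup so a "vault not found" message tells you whether the vault lookup or the policy call is what failed, and the permissions kept at the least-privilege `get list` the question used rather than `all`. This is an added example, not code from the question or the answer; the variable names `KeyVaultResourceGroup` and `appObjectId` are assumptions. One check worth doing while you are there: `az keyvault set-policy` takes an object ID with `--object-id` and an application (client) ID with `--spn`, so confirm which value a variable named `appId` actually holds.

```yaml
# Added example, not from the question or the answer above.
# Assumed pipeline variables: serviceConnection1, KeyVaultName,
# KeyVaultResourceGroup, appObjectId (the service principal's object ID).
- task: AzureCLI@2
  displayName: "Set KeyVault access policy for Web App"
  inputs:
    azureSubscription: "$(serviceConnection1)"
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
      set -euo pipefail
      vault='$(KeyVaultName)'
      rg='$(KeyVaultResourceGroup)'
      objectId='$(appObjectId)'

      # Resolve the vault by name AND resource group first. Without --resource-group
      # the CLI has to find the vault across the whole subscription, which is the
      # lookup the answer above saw come back without the vault in it.
      az keyvault show --name "$vault" --resource-group "$rg" --output none \
        || { echo "##vso[task.logissue type=error]Key vault $vault not found in resource group $rg"; exit 1; }

      # Grant only what the web app needs (read secrets), scoped with the resource group.
      az keyvault set-policy --name "$vault" --resource-group "$rg" \
        --object-id "$objectId" --secret-permissions get list --output none
```

`set -euo pipefail` makes the step fail on the first error instead of reporting success after a silently failed command, and `##vso[task.logissue type=error]` surfaces the message in the pipeline summary rather than only in the step log.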