KeyVault Schema Requires Access Policy - Docs Say It Is Not Required
In the Microsoft.KeyVault/vaults docs, it says that accessPolicies is not required:
When I deploy with this resource, I get no errors
{
  "type": "Microsoft.KeyVault/vaults",
  "name": "[variables('keyVaultName')]",
  "apiVersion": "2018-02-14",
  "location": "[resourceGroup().location]",
  "tags": {},
  "scale": null,
  "properties": {
    "sku": "[parameters('keyVaultSku')]",
    "tenantId": "[parameters('tenantId')]",
    "accessPolicies": [],
    "enabledForDeployment": false,
    "enabledForDiskEncryption": false,
    "enabledForTemplateDeployment": false
  },
  "dependsOn": []
}
When I deploy with this resource (accessPolicies missing)
{
  "type": "Microsoft.KeyVault/vaults",
  "name": "[variables('keyVaultName')]",
  "apiVersion": "2018-02-14",
  "location": "[resourceGroup().location]",
  "tags": {},
  "scale": null,
  "properties": {
    "sku": "[parameters('keyVaultSku')]",
    "tenantId": "[parameters('tenantId')]",
    "enabledForDeployment": false,
    "enabledForDiskEncryption": false,
    "enabledForTemplateDeployment": false
  },
  "dependsOn": []
}
I get this error:
Issue Analytics
- State:
- Created 5 years ago
- Reactions:7
- Comments:18 (4 by maintainers)
Top GitHub Comments
Very weird behavior, it makes ARM templates for KeyVault almost useless without external scripts…
So on the one side we have the “Use ARM to automatically deploy all things”, and on the other side we have “be secure, use keyvault, no extra code needed”, but we can't use both.
I need to have managed identities added dynamically. I want to be able to redeploy my keyvault and not have access policies wiped.
I am leaving a comment here, so I get updates! Please tell me when this is fixed, or if it will be fixed. I see this as a bug, and not a feature.
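
A pre-deployment check for the two cases in this thread, as an added example (not code from the issue or from Microsoft): it flags Key Vault resources whose accessPolicies is missing, which the issue reports as a deployment error, or empty, which deploys but leaves the template declaring no policies when the vault is redeployed. The function names, the ADVICE wording and the sample template are assumptions constructed for illustration.

```python
import json

VAULT_TYPE = "microsoft.keyvault/vaults"
ADVICE = {  # wording is illustrative, not Azure output
    "missing": "accessPolicies absent: the issue reports that this deployment errors",
    "empty": "accessPolicies is []: deploys, but the template declares no access policies",
    "expression": "accessPolicies is a template expression: review the value it resolves to",
}

def iter_resources(resources):
    """Yield each resource, descending into nested child 'resources' arrays."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))

def lint_vault_access_policies(template):
    """Return (resource name, finding key) for each Key Vault that needs review."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != VAULT_TYPE:
            continue
        props = res.get("properties") or {}
        name = res.get("name", "<unnamed>")
        if "accessPolicies" not in props:
            findings.append((name, "missing"))
        elif isinstance(props["accessPolicies"], str):
            findings.append((name, "expression"))  # cannot be evaluated statically
        elif not props["accessPolicies"]:
            findings.append((name, "empty"))
    return findings

# Constructed sample template (names and IDs are placeholders, not from the issue).
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.KeyVault/vaults", "name": "kv-missing", "apiVersion": "2018-02-14",
   "properties": {"tenantId": "[parameters('tenantId')]"}},
  {"type": "Microsoft.KeyVault/vaults", "name": "kv-empty", "apiVersion": "2018-02-14",
   "properties": {"tenantId": "[parameters('tenantId')]", "accessPolicies": []}},
  {"type": "Microsoft.KeyVault/vaults", "name": "kv-explicit", "apiVersion": "2018-02-14",
   "properties": {"tenantId": "[parameters('tenantId')]", "accessPolicies": [
     {"tenantId": "[parameters('tenantId')]", "objectId": "00000000-0000-0000-0000-000000000000",
      "permissions": {"secrets": ["get"]}}]}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "st-ignored"}
]}
""")

if __name__ == "__main__":
    for name, key in lint_vault_access_policies(SAMPLE):
        print(f"{name}: {ADVICE[key]}")
```

Run it against the exported template in CI before deployment; a non-empty result is the signal to review which identities the template grants access to.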