Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

KeyVault - set Secret getting 403

See original GitHub issue

The Authentication seems to be working (using the sample), but when I call the client.setSecret I am getting a 403. I have registered an app in Azure AD, added a key that does not expire, added the clientId and value of the key and the URI of my key vault to my app (same as the sample). I have also run the Powershell script to add the principal to the key vault in azure (and I can see it in the portal). This principal is set to allow ALL permissions for secrets. I am at a loss…any help?

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:20 (8 by maintainers)

github_iconTop GitHub Comments

pomortazcommented, Oct 15, 2016

@jnystrom the command is correct but the object ID that is provided belongs to an application and not its service principal. The application ID is used for authentication and its service principal receives the permission to access your vault. Sorry I know its confusing.

Take a look at this sample code to see how to create application and service principal and give permission to service principal. If you follow that, you could get your problem solved easily. 😃

You may not have a service principal created for your application yet. If so, create that first and then use the object ID of the service principal to authorize access for the application.

pomortazcommented, Oct 14, 2016

Oh, so that’s probably the problem. You need to give the app permission to access your vault using the command you shared earlier. Set-AzureRmKeyVaultAccessPolicy -VaultName <name> -ObjectId <ObjectId of my app in Azure AD> -PermissionsToSecrets All -ResourceGroup <group name>

Read more comments on GitHub >

github_iconTop Results From Across the Web

Azure KeyVault 403 Forbidden when using ... - Stack Overflow
When you set access policy, you need to select service principal with only object id (without app id). See this similar post answer....
Read more >
KeyVault access 403 - Forbidden: Access is denied.
I have created KeyVault in Azure and assigned permission to user. (Added in access policies) ... Getting 403 - Forbidden: Access is denied....
Read more >
Accessing Azure Key Vault values from Azure App ... - Medium
Open the Part1.cs file and run the test. At this stage it should pass as we are only going off to app configuration....
Read more >
Adding a Keyvault Secret after Keyvault Creation fails with 403 ...
The key vault and policy are being created successfully but adding a keyvault secret after that is resulting in an access forbidden error....
Read more >
does not have secrets get permission on key vault : r/AZURE
The key vault gets created like this, according to terraform plan : ... Failure responding to request: StatusCode=403 -- Original Error: ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found