KeyVault - set Secret getting 403

The authentication seems to be working (using the sample), but when I call client.setSecret I am getting a 403. I have registered an app in Azure AD, added a key that does not expire, and added the clientId, the value of the key and the URI of my key vault to my app (same as the sample). I have also run the PowerShell script to add the principal to the key vault in Azure (and I can see it in the portal). This principal is set to allow ALL permissions for secrets. I am at a loss… any help?

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Comments: 20 (8 by maintainers)

Top GitHub Comments

pomortaz commented, Oct 15, 2016 (1 reaction)

@jnystrom the command is correct, but the object ID that is provided belongs to an application and not its service principal. The application ID is used for authentication, and its service principal receives the permission to access your vault. Sorry, I know it's confusing.

Take a look at this sample code to see how to create application and service principal and give permission to service principal. If you follow that, you could get your problem solved easily. 😃

You may not have a service principal created for your application yet. If so, create that first and then use the object ID of the service principal to authorize access for the application.

pomortaz commented, Oct 14, 2016 (1 reaction)

Oh, so that’s probably the problem. You need to give the app permission to access your vault using the command you shared earlier:

Set-AzureRmKeyVaultAccessPolicy -VaultName <name> -ObjectId <ObjectId of my app in Azure AD> -PermissionsToSecrets All -ResourceGroup <group name>
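
The application versus service principal distinction from the comments above, as an added PowerShell example that is not part of the original thread or the project's samples: it resolves the service principal for an application ID, grants that principal's object ID access to the vault, and reads the policy back. It assumes the AzureRM module and a signed-in session; the parameter names and the choice of `set,get` permissions are assumptions for illustration.

```powershell
# Added example; not code from the issue thread or the Key Vault samples.
# Assumes the AzureRM module and a session signed in with Login-AzureRmAccount.
param(
    [Parameter(Mandatory = $true)] [Guid]   $ApplicationId,   # client ID the app authenticates with
    [Parameter(Mandatory = $true)] [string] $VaultName,
    [Parameter(Mandatory = $true)] [string] $ResourceGroupName
)
$ErrorActionPreference = 'Stop'

# The application and its service principal are separate directory objects,
# each with its own object ID. The access policy must name the service principal.
$app = Get-AzureRmADApplication -ApplicationId $ApplicationId
$sp  = Get-AzureRmADServicePrincipal -ServicePrincipalName $ApplicationId.ToString()
if (-not $app) { throw "No application with ID $ApplicationId in this tenant." }
if (-not $sp)  { throw "Application $ApplicationId has no service principal yet. Create one, then rerun." }

Write-Host "Application object ID:       $($app.ObjectId)  (do not use in the access policy)"
Write-Host "Service principal object ID: $($sp.Id)"

# Assumption: the app only writes and reads secrets, so grant 'set' and 'get'
# rather than the 'All' used in the thread.
Set-AzureRmKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $ResourceGroupName `
    -ObjectId $sp.Id -PermissionsToSecrets set,get

# Read the policy back and confirm which object IDs the vault now trusts.
$vault     = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroupName
$policyIds = @($vault.AccessPolicies | ForEach-Object { "$($_.ObjectId)" })

if ($policyIds -notcontains "$($sp.Id)") {
    throw "Service principal $($sp.Id) is missing from the access policies of $VaultName."
}
if ($policyIds -contains "$($app.ObjectId)") {
    # Left over from granting access to the application object, which does not
    # authorize the app's requests; flag it so it can be cleaned up.
    Write-Warning "Policy for application object $($app.ObjectId) is unused; remove it with Remove-AzureRmKeyVaultAccessPolicy."
}
Write-Host "Access policy for $($sp.DisplayName) is in place."
```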
