KeyVault - set Secret getting 403
The authentication seems to be working (using the sample), but when I call client.setSecret I am getting a 403. I have registered an app in Azure AD, added a key that does not expire, and added the clientId, the value of the key and the URI of my key vault to my app (same as the sample). I have also run the PowerShell script to add the principal to the key vault in Azure (and I can see it in the portal). This principal is set to allow ALL permissions for secrets. I am at a loss…any help?
- Created 7 years ago
- Comments: 20 (8 by maintainers)
Top GitHub Comments
@jnystrom the command is correct, but the object ID that is provided belongs to an application and not its service principal. The application ID is used for authentication and its service principal receives the permission to access your vault. Sorry, I know it's confusing.
You may not have a service principal created for your application yet. If so, create that first and then use the object ID of the service principal to authorize access for the application.
Oh, so that’s probably the problem. You need to give the app permission to access your vault using the command you shared earlier.
Set-AzureRmKeyVaultAccessPolicy -VaultName <name> -ObjectId <ObjectId of my app in Azure AD> -PermissionsToSecrets All -ResourceGroup <group name>
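The fix described in the comments above, as an added example that is not part of the original issue thread: resolve the service principal from the application ID, create it if it is missing, grant the vault policy to the service principal's object ID, and confirm the policy landed on that identity. It assumes the AzureRM module used in the thread and an already signed-in session; the application ID, vault name and resource group are placeholders, and the narrower `get,set,list` secret permissions are a choice made here in place of `All`.

```powershell
# Constructed placeholder values (assumptions): substitute your own.
$AppId         = '00000000-0000-0000-0000-000000000000'  # application (client) ID the code authenticates with
$VaultName     = '<name>'
$ResourceGroup = '<group name>'

# The application registration and its service principal are separate directory
# objects with different object IDs. Look the service principal up by application ID.
$sp = Get-AzureRmADServicePrincipal -ServicePrincipalName $AppId
if (-not $sp) {
    # No service principal exists for this application in the tenant yet: create it.
    $sp = New-AzureRmADServicePrincipal -ApplicationId $AppId
}

# Grant access to the service principal's object ID, not the application's.
# Only the secret operations the client needs are granted (assumption: get, set, list).
Set-AzureRmKeyVaultAccessPolicy -VaultName $VaultName `
    -ResourceGroupName $ResourceGroup `
    -ObjectId $sp.Id `
    -PermissionsToSecrets get,set,list

# Verify: the vault's access policies must contain an entry for that object ID.
$vault  = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup
$policy = $vault.AccessPolicies | Where-Object { "$($_.ObjectId)" -eq "$($sp.Id)" }

if (-not $policy) {
    throw "No access policy found for service principal $($sp.Id) on vault $VaultName"
}

# Show which identity holds which secret permissions.
$policy | Select-Object ObjectId, PermissionsToSecrets
```

If the vault already lists a policy whose object ID does not match `$sp.Id`, that entry was granted to the application object and can be removed with `Remove-AzureRmKeyVaultAccessPolicy`.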