I have an Azure Key Vault that is configured with a private endpoint in a virtual network. After configuring the private endpoint, I'm not able to add any new secrets to the key vault.

Is there a way to add/edit secrets from the Azure portal in a key vault while it is configured with a private endpoint?

Note: I know that we can access the key vault from a virtual machine within the same virtual network and add/edit secrets in the key vault.

MarsRoverII
  • 111
  • 1
  • 15

2 Answers

-1

That is the whole point of Private Endpoints. The Key Vault data plane is now ONLY accessible by resources that are sitting on a machine, cluster, or environment connected to the Virtual Network where the Private Endpoint resource was deployed.

https://learn.microsoft.com/en-us/azure/key-vault/general/private-link-diagnostics

Ken W - Zero Networks
  • 3,533
  • 1
  • 13
  • 18
  • I'm wondering whether, in this situation where the Azure Key Vault has been integrated with Private Link, the only option to add/edit any secrets/keys/certs etc. is to provision a VM in the same virtual network? But that should not be the ideal option, as to maintain a key vault we have to provision a VM. – MarsRoverII Dec 16 '21 at 18:52
-1

There are 2 ways I can think of to get this done.

  1. As a stop-gap hack, you can add your current IP as a client to the key vault when private endpoints are enabled. Go to Key Vault networking --> firewall and vnet --> selected network --> add the client IP of your machine.

  2. The second way is to have ExpressRoute connectivity from your on-premises corporate network into the private endpoint VNet (or VNet peering if you have a VM in the cloud). The recommendation is to use a hub-spoke network topology. Please refer to the link below.

Hub-spoke network topology in Azure
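The stop-gap from option 1 above is easy to leave behind by accident: a client IP added "for a minute" stays in the vault firewall until someone removes it. The script below is an added example, not code from either answer or from Microsoft; it wraps the same firewall change in the Azure CLI so that the rule is added, one command is run through it, and the rule is removed again even when that command fails. It assumes `az` is installed and logged in, and that the vault's public network access is left on "selected networks" (default action Deny); with public access disabled outright, IP rules have no effect and only the private endpoint works. `KV_NAME` and `KV_RG` are placeholders, and `DRY_RUN=1` (the default) only prints the `az` commands so the logic can be checked without touching a subscription.

```bash
#!/usr/bin/env bash
# Added example; not code from the original question or answers.
# Temporarily allows one operator's public IPv4 address through the Key Vault
# firewall, runs a single command through that opening, and removes the rule
# again even if the command fails.
# Assumes the Azure CLI ("az") is installed and logged in. KV_NAME and KV_RG
# are placeholder values; DRY_RUN=1 (the default) only prints the az commands.
set -euo pipefail

KV_NAME="${KV_NAME:-example-kv}"         # placeholder: your Key Vault name
KV_RG="${KV_RG:-example-rg}"             # placeholder: its resource group
DRY_RUN="${DRY_RUN:-1}"                  # set DRY_RUN=0 to really call az

# Print a command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "[dry-run] $*"
  else
    "$@"
  fi
}

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
is_valid_ipv4() {
  local ip="$1" a b c d octet
  IFS=. read -r a b c d <<< "$ip"
  for octet in "$a" "$b" "$c" "$d"; do
    [[ "$octet" =~ ^[0-9]{1,3}$ ]] || return 1
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# The Key Vault firewall takes public addresses; reject RFC 1918, loopback,
# link-local and 0.0.0.0/8 so a LAN address pasted by mistake is caught here
# instead of by the API (or, worse, silently accepted by a future change).
is_public_ipv4() {
  local ip="$1" a b c d
  is_valid_ipv4 "$ip" || return 1
  IFS=. read -r a b c d <<< "$ip"
  a=$((10#$a)); b=$((10#$b))
  (( a == 10 )) && return 1
  (( a == 172 && b >= 16 && b <= 31 )) && return 1
  (( a == 192 && b == 168 )) && return 1
  (( a == 127 || a == 0 )) && return 1
  (( a == 169 && b == 254 )) && return 1
  return 0
}

# Add the firewall rule for $ip, run the remaining arguments as a command,
# then always remove the rule; the command's exit code is passed through.
with_temporary_client_ip() {
  local ip="$1"; shift
  if ! is_public_ipv4 "$ip"; then
    echo "refusing: '$ip' is not a public IPv4 address" >&2
    return 2
  fi
  run az keyvault network-rule add --name "$KV_NAME" --resource-group "$KV_RG" --ip-address "$ip"
  local rc=0
  "$@" || rc=$?
  run az keyvault network-rule remove --name "$KV_NAME" --resource-group "$KV_RG" --ip-address "$ip"
  return "$rc"
}

# Usage: ./kv-temp-allow.sh <your-public-ip> <secret-name> <file-with-value>
# The secret value is read from a file rather than passed with --value so it
# does not end up in shell history.
if [ "$#" -ge 3 ]; then
  with_temporary_client_ip "$1" run az keyvault secret set --vault-name "$KV_NAME" --name "$2" --file "$3"
fi
```

Run it with `DRY_RUN=0` once the printed commands look right. Because the removal happens in the same function as the addition, a failed `secret set` (wrong name, expired token) no longer leaves the operator's address in the firewall, which is the main operational risk of doing the same steps by hand in the portal.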