Azure Key Vault - can't get, create, or list secrets

Question

Cannot create, get, or even list secrets in my key vault. I own the subscription and I have changed to RABC permissions. I have given myself Key vault user, reader, owner, and officer and have waited for 30 minutes to allow perms to propagate. I am missing something and I have googled for a bit for posting here. Any suggestions on which RBACs are needed and how long the perms take to propagate. Thanks

Do you have RBAC access policies enabled? KeyVault->AccessPolicies. If not you need to add yourself in there — Carlos Garcia, Apr 20 '22 at 18:30

score 0 · Answer 1 · answered Apr 20 '22 at 18:39

0

Ooops, I just found out that I have TWO users with the same name and different email addresses. This was the issue -- it takes almost no time for the permissions to propagate. And don't name two users the same name! Sorry...

answered Apr 20 '22 at 18:39

Pat Garvey

1
2

score 0 · Answer 2 · answered Apr 20 '22 at 18:39

0

You need to set RBAC Access Policies:

Make sure your network setup is correct:

These are the lists of RBAC available roles. Subscription owner is not enough to read the secrets, you need the KeyVault specific roles (which I think you are already configuring)

link: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli#azure-built-in-roles-for-key-vault-data-plane-operations

answered Apr 20 '22 at 18:39

Carlos Garcia

2,771
1
17
32

Thanks. I did that. See my note above -- dumb mistake on my part. – Pat Garvey Apr 20 '22 at 18:53
Glad you find the issue :) – Carlos Garcia Apr 20 '22 at 18:54

Azure Key Vault - can't get, create, or list secrets

2 Answers2