How do I access KeyVault from a .NET console app Azure Batch job?
I have a .NET console app job that needs to read a secret from KeyVault. The .NET console app is uploaded to run on an Azure Batch job. I am using the Microsoft.Azure.Services.AppAuthentication package and here is the snippet of code trying to access the KeyVault:
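
    using Microsoft.Azure.KeyVault;
    using Microsoft.Azure.Services.AppAuthentication;
    // "RunAs=App;AppId=..." selects the user-assigned managed identity with that client ID.
    var azureServiceTokenProvider = new AzureServiceTokenProvider("RunAs=App;AppId={my managed identity's client ID}");
    KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    var secret = await keyVaultClient.GetSecretAsync(cacheKey);
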
I keep getting this error though when the job is run from Azure Batch:

    INNER EXCEPTION: MESSAGE: Parameters: Connection String: RunAs=App;AppId={client id}, Resource: https://vault.azure.net, Authority: https://login.windows.net/{redacted}. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. Received a non-retryable error. MSI ResponseCode: BadRequest, Response: {"error":"invalid_request","error_description":"Identity not found"}