Couldn't create secrets in Azure Vault
Hi Everyone, I have opted for a free subscription from Azure, by default my user id holds Global Administrator role. But couldn't create secrets in Azure Vault, getting error message as right RBAC role has not been assigned. Please find the following…
Cloud Service and Keyvault are in different subscriptions
I am using KeyVaultExtension to CSES in my deployment arm template to download and install the certificate automatically by following the doc Apply the Key Vault VM extension in Azure Cloud Services (extended support) | Microsoft Learn This is where…
Troubleshooting "The specified X.509 certificate content is invalid" Error When Importing to Azure Key Vault
I encountered the error "The specified X.509 certificate content is invalid. Error: One or more X.509 properties are invalid." while attempting to import a certificate from Cybersource into Azure Key Vault. The command used was: az keyvault…
"Successfully imported Key Vault Certificate, but failed to configure SSL binding"
I have a number of certificates in my Azure Key Vault, which were all generated the same way. I also have a number of Web App Services, which were all created the same way. But sometimes, when I add a custom domain to an App Service, and then try to bind…
Access to read Key Vault using registered app user
Have registered an app called 'DevUAT' under Microsoft Entra Id. Created ClientID and Client Secret, Created a Key vault. Created secret and key Added 'DevUAT' to the key vault as owner When accessing the key vault and reading the secret get access…
java.lang.NoClassDefFoundError: Could not initialize class com.azure.identity.implementation.RegionalAuthority
Describe the bug We are in process of writing PT scripts (using JMeter) so that they can be executed using Azure Load test tool. As part of this project, we need to store our test login credentials in Azure key vault so that these PT scripts can read…
How to fix (ResourceGroupNotFound) learn- issue
When running az keyvault set-policy -n <keyvault-name> --key-permissions get --spn <clientId>, I get the error: (ResourceGroupNotFound) Resource group 'learn-863f910a-xxxx-xxxx-xxxx-4c6f3e30d049' could not be found. Code:…
Get Private Key for a certificate from Azure Key Vault
I need a public key as encryptionCertificate, to encrypt the resource data that returns to my ReactJs Client app. Later a private key to decrypt MS Graph Rich notifications includes the resource data, as per URL:…
Elaboration needed on Azure Key Soverignty
Hello, we came across this key sovereignty notion on Azure page and would like more clarification on the statement "Key sovereignty means that a customer's organization has full and exclusive control over who can access keys and change key…
Azure Key Vault availability ? service downtime ??
Hello , We are planning to use azure vault to store database username/password to provide better security in our application and we will read it from azure key vault on runtime for further usage in application. I have checked it …
How can I use CBA for securing high privileged break glass account ?
How can I use the WildCard SSL App Service Certificate for the Certificate Based Authentication (CBA) to allow login with the Break Glass account? https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-certificate-based-authentication I…
Is it safe to add the global "Microsoft Azure App Service" to Key Vault Role Assignments
Unfortunately, it seems that KeyVault Certificates are currently still in an unstable state where RBAC is not properly implemented. Further details of the specifics and a solution to the problem can be seen here…
ERROR | Azure Key Vault access from Python application in Azure Kubernetes Service
I have a python application in AKS where I need to read the secrets from Azure key vault. I am using: credential = DefaultAzureCredential(logging_enable=True) client = SecretClient(vault_url=KV_URI, credential=credential) secret =…
Generate AES-GCM 256 bit Encryption key using Azure Key Vault Managed HSM
I'm trying to generate an AES-GCM algorithm based encryption to be used in my utility for encrypting and decrypting data. Now, based on the Azure documentation I understand that AES-GCM key can be obtained via selecting AES-HSM key type, select then 128…
Azure Machine Learning workspace cannot access Datastore, Container Registry
Hi, I have created an Azure Machine Learning workspace, giving it a user-assigned identity. This identity has both a contributor role over the whole resource group, and a Key Vault Secrets Officer role over the key vault used by the AML workspace It was…
Getting null response during downloading certificate
Hello Azure Community, We are using API Management for business transactions and supporting it with a Function App and Key Vault for security. We've updated our code to ensure the certificate is downloaded and remains in object memory for subsequent…
Let's Encrypt Certificate with Key Vault and Azure App Service Import Issues
Hi comunity, I have a wildcard certificate issued by Let's Encrypt. I want to use this certificate with an Azure App Service. Following the instructions, I created a password-protected .pfx file using the following command: openssl pkcs12 \ -export \ …
not able to change access configuration policy
CODE InsufficientPermissions MESSAGE RAW ERROR Caller is not allowed to change permission model. For more information on how to change the permissions model follow this link: https://go.microsoft.com/fwlink/?linkid=2155160. Details:…
Application gateway listener error when trying to use key vault certificate using managed identity and RBAC
Hi, I'm trying to setup a listener in application gateway to use a certificate from keyvault using managed identity. But every time whne I choose in portal the managed identity and then select the key vault from the dropdown menu I get this error: …
Could someone supply a comprehensive list of files that can be digitally signed with Azure Sign Tool using Azure Key Vault?
Is there a comprehensive list of all files that could be digital signed? For example: .dll, .exe, .cab, ect...