Failed to add the secret in Azure Front Door - BYOC

Chandravir Umath 0 Reputation points
2024-09-23T07:59:53.64+00:00

I am trying to set up a custom domain in Azure Front Door for a wildcard domain. I have also imported the certificate for the wildcard SSL into Key Vault. But when I try to add the secret in Azure Front Door I get this error: "Failed to create the secret 'continuum-dev-continuumdev-e2d00c4196d242bd8cc2ead12a244b54'. Error: We don't have permission to access this secret. Go to "Access policies" in your Key Vault account to give Microsoft.AzureFrontDoor-Cdn or managed identities (if you enabled managed identities in profile) permission to get secrets."

I have added the certificate to Key Vault in PFX format.
I have switched on the system-assigned identity and added the role assignments as well (Key Vault Administrator, Owner, Key Vault Secrets User).
I have followed the steps given in the Microsoft links below:
https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain

https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain#register-azure-front-door

https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain#grant-azure-front-door-access-to-your-key-vault

I am also adding screenshots of the error.

Kindly revert ASAP.


2 answers

  1. Akhilesh Vallamkonda 9,840 Reputation points Microsoft Vendor
    2024-09-27T18:10:28.37+00:00

    Hi @Chandravir Umath

    Thank you for reaching Microsoft Q&A!

    I understand that you have the certificate in your Key Vault, but when you try to add the certificate in the secret section of Front Door, you get the following error: "Failed to create the secret. We don't have permission to access this secret. Go to access policies in your key vault account to give Microsoft.AzureFrontDoor-cdn or managed identities permission to get secrets".

    To be able to add the certificate to the secret section of Front Door, the two steps below must be completed first, and sometimes it may take more than one try. So I request you to check that both steps below have been completed, re-try them just to be sure, and then try adding the certificate:

    1. Register Azure Front Door: Register the service principal for Azure Front Door as an app in your Azure Active Directory (Azure AD) by using Azure PowerShell or the Azure CLI. The Application Id is "205478c0-bd83-4e1b-a9d6-db63a3e1e1c8". Refer: https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain#register-azure-front-door
    2. Grant Azure Front Door access to your key vault: In your key vault account, select Access policies and create a new access policy with Get Secret & Certificate permissions to allow Front Door to retrieve the certificate. In Select principal, search for 205478c0-bd83-4e1b-a9d6-db63a3e1e1c8, and select Microsoft.AzureFrontDoor-Cdn. Refer: https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain#grant-azure-front-door-access-to-your-key-vault

    Kindly let us know if the above helps. Do let us know if you have any further queries by responding in the comments section.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
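The two steps in the answer above, scripted with Azure PowerShell so they can be re-run and verified. This is an added example, not code from the answer or from Microsoft's documentation; the vault name is a placeholder, the Application Id is the one quoted in the answer, and the RBAC branch is an assumption for vaults that use the RBAC permission model instead of access policies (where access policies are ignored).

```powershell
# Placeholder: replace with the name of the Key Vault that holds the wildcard PFX.
$VaultName      = "<your-key-vault-name>"
# Application Id of the Azure Front Door service principal, as quoted in the answer.
$FrontDoorAppId = "205478c0-bd83-4e1b-a9d6-db63a3e1e1c8"

# Step 1: make sure the Front Door service principal is registered in this tenant.
$sp = Get-AzADServicePrincipal -ApplicationId $FrontDoorAppId -ErrorAction SilentlyContinue
if (-not $sp) {
    Write-Host "Registering Microsoft.AzureFrontDoor-Cdn service principal..."
    $sp = New-AzADServicePrincipal -ApplicationId $FrontDoorAppId
}
$principalObjectId = $sp.Id

# If you enabled a managed identity on the Front Door profile, Front Door reads the
# vault as that identity instead; set $principalObjectId to its principal id here.
# $principalObjectId = "<front-door-profile-managed-identity-principal-id>"

# Step 2: grant Get on secrets and certificates, using whichever model the vault uses.
$vault = Get-AzKeyVault -VaultName $VaultName
if ($vault.EnableRbacAuthorization) {
    # Assumption: RBAC-model vault. Access policies are ignored, so assign a role.
    New-AzRoleAssignment -ObjectId $principalObjectId `
        -RoleDefinitionName "Key Vault Secrets User" `
        -Scope $vault.ResourceId | Out-Null
} else {
    Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ObjectId $principalObjectId `
        -PermissionsToSecrets get -PermissionsToCertificates get
}

# Step 3: verify before retrying the secret creation in the Front Door portal.
$vault  = Get-AzKeyVault -VaultName $VaultName
$policy = $vault.AccessPolicies | Where-Object { $_.ObjectId -eq $principalObjectId }
if ($vault.EnableRbacAuthorization) {
    Get-AzRoleAssignment -ObjectId $principalObjectId -Scope $vault.ResourceId |
        Select-Object RoleDefinitionName, Scope
} elseif ($policy) {
    "Access policy present for $principalObjectId: secrets=$($policy.PermissionsToSecrets -join ','); certificates=$($policy.PermissionsToCertificates -join ',')"
} else {
    Write-Warning "No access policy found for $principalObjectId; re-run step 2."
}
```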


  2. Chandravir Umath 0 Reputation points
    2024-10-03T06:46:08.22+00:00

    Thanks for the comment. Anyway, I debugged it earlier, a day after my comment. Also, I would say your comments are really helpful.
    Thanks

