Application settings in Azure Function: AccessToKeyVaultDenied

Anonymous
2023-01-30T11:21:48.4+00:00

Hello,

To get the connection string of an Azure Storage account in an Azure Function, we are using the Application Settings in the configuration menu. The problem is that we are receiving the following error:

AccessToKeyVaultDenied --> Key Vault reference was not able to be resolved because site was denied access to Key Vault reference's vault.

In theory, everything is ok.

- In KeyVault, the secrets are well created and we have created an Access Policy for the Azure Function with “Get” and “List” privileges in the Secrets Permission.

- Managed Identity is ON in Azure Function.

- In Azure Function, the Application Settings has the correct syntax, and the references are valid. We have executed the “Diagnose and solve problems” tool to check that.


We are using the Azure Function Premium plan, but I must say that this way of accessing the secrets worked before with a Consumption plan.

Do you know what can be the problem here?

Thanks!

EDIT

I have created another Azure Function with the Consumption plan, and the Application Settings are working with the same configuration as the Premium one. Is it possible that Premium Functions work in another way? How can we then access the secrets in KeyVault?


2 answers

  1. Anonymous
    2023-02-10T13:40:27.4633333+00:00

    The problem is solved: in KeyVault, we haven't added the Azure Function subnet.


  2. Priyanka Kumari, Microsoft Employee
    2024-03-04T05:09:13.99+00:00

    Problem Resolved.

    My scenario was that my resources, a web app and a key vault, were attached with private endpoints on the same VNet.
    Solution: the virtual link was missing from the private DNS zone, so I have attached the VNet to the DNS zone virtual link.

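Both answers point at the network path rather than the access policy: the vault firewall did not list the Function subnet, or the private DNS zone was not linked to the VNet. The following is an added example, not code from the thread or from Microsoft, that checks the access policy and both network conditions against the output of `az keyvault show -o json`. The sample values, the `diagnose` helper and its finding names are constructed for illustration, and the field names assume the vault resource's `properties` layout.

```python
import ipaddress

# Constructed sample values (placeholders, not from the thread).
IDENTITY = "11111111-1111-1111-1111-111111111111"
SUBNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
          "/providers/Microsoft.Network/virtualNetworks/vnet-demo/subnets/snet-func")
SAMPLE_VAULT = {"properties": {
    "accessPolicies": [{"objectId": IDENTITY,
                        "permissions": {"secrets": ["Get", "List"]}}],
    "networkAcls": {"defaultAction": "Deny", "virtualNetworkRules": []},
}}

def diagnose(vault, principal_id, subnet_id, resolved_ip=None):
    """Return finding codes for a Key Vault reference that fails to resolve.

    vault: parsed `az keyvault show -o json`; principal_id: object ID of the
    app's managed identity; subnet_id: subnet the app is integrated with;
    resolved_ip: what the vault hostname resolves to from inside the VNet.
    """
    props = vault.get("properties", {})
    findings = []

    # 1. Identity: resolving a reference needs "get" on secrets.
    if props.get("enableRbacAuthorization"):
        findings.append("rbac-mode-check-role-assignments")  # policies are ignored
    else:
        ok = any(
            p.get("objectId", "").lower() == principal_id.lower()
            and "get" in [s.lower() for s in p.get("permissions", {}).get("secrets") or []]
            for p in props.get("accessPolicies") or [])
        if not ok:
            findings.append("no-secret-get-for-identity")

    # 2. Network: a private endpoint is only used if DNS returns its private IP.
    ip = ipaddress.ip_address(resolved_ip) if resolved_ip else None
    via_private = ip is not None and ip.is_private
    if props.get("privateEndpointConnections") and ip is not None and not via_private:
        findings.append("private-endpoint-but-dns-not-private")

    # 3. Network: on the public path the vault firewall must list the subnet.
    acls = props.get("networkAcls") or {}
    if (acls.get("defaultAction") or "Allow").lower() == "deny" and not via_private:
        rules = {r["id"].lower() for r in acls.get("virtualNetworkRules") or []}
        if subnet_id.lower() not in rules:
            findings.append("subnet-not-in-vault-firewall")
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_VAULT, IDENTITY, SUBNET))
```

The constructed sample reproduces the question's situation: the access policy grants “Get”, yet the only finding is the missing subnet rule.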
