I am trying to read from a key vault using a service principal as part of a Terraform script. I have granted my service principal "Key Vault Reader" and "Key Vault Secrets User" roles for the subscription that holds the key vault in question. However, when I try to access the key vault in my Terraform script, I get the following error:
│ Error: making Read request on Azure KeyVault Secret MY-SECRET: keyvault.BaseClient#GetSecret: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="The user, group or application 'appid=<MYAPPID>;oid=<OID>;iss=https://sts.windows.net/<ADDR>/' does not have secrets get permission on key vault 'MY-KEYVAULT;location=eastus'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287" InnerError={"code":"AccessDenied"}
Hello Bryan,
Try granting your Service Principal the RBAC Key Vault Contributor role.
If this is helpful, please accept the answer.
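
A triage helper for the 403 in the question, added here as an example and not part of the original thread: it pulls the evaluated principal, the denied permission and the vault name out of the error text, then checks that the object ID the roles were granted to is the one Key Vault actually evaluated. The GUIDs, `parse_denial` and `triage` are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the error from the question with made-up GUIDs in place of
# its <MYAPPID>, <OID> and <ADDR> placeholders.
SAMPLE_ERROR = (
    'Status=403 Code="Forbidden" Message="The user, group or application '
    "'appid=11111111-1111-1111-1111-111111111111;"
    "oid=22222222-2222-2222-2222-222222222222;"
    "iss=https://sts.windows.net/33333333-3333-3333-3333-333333333333/' "
    "does not have secrets get permission on key vault "
    "'MY-KEYVAULT;location=eastus'.\" "
    'InnerError={"code":"AccessDenied"}'
)

# Matches the denial wording shown in the question.
DENIAL = re.compile(
    r"'appid=(?P<appid>[^;']+);oid=(?P<oid>[^;']+);iss=(?P<iss>[^']+)'"
    r" does not have (?P<object>\w+) (?P<operation>\w+) permission"
    r" on key vault '(?P<vault>[^;']+)(?:;location=(?P<location>[^']+))?'"
)

@dataclass
class Denial:
    appid: str
    oid: str
    tenant: str
    permission: str          # e.g. "secrets get"
    vault: str
    location: Optional[str]

def parse_denial(message: str) -> Optional[Denial]:
    """Extract who was denied what, or None if the text is not this error."""
    m = DENIAL.search(message)
    if m is None:
        return None
    tenant = m["iss"].rstrip("/").rsplit("/", 1)[-1]
    return Denial(m["appid"], m["oid"], tenant,
                  f'{m["object"]} {m["operation"]}', m["vault"], m["location"])

def triage(denial: Denial, granted_object_id: str) -> List[str]:
    """Compare the object the roles were granted to with the one the vault evaluated."""
    findings = []
    # The oid in the error is the service principal's object ID, which differs
    # from the application (client) ID and from the app registration's object ID.
    if granted_object_id.lower() != denial.oid.lower():
        findings.append(f"roles granted to {granted_object_id}, vault evaluated {denial.oid}")
    findings.append(f"{denial.oid} lacks '{denial.permission}' on {denial.vault}")
    return findings
```

If the IDs match, confirm which permission model the vault uses with `az keyvault show --name MY-KEYVAULT --query properties.enableRbacAuthorization`; role assignments are only evaluated for secret reads when that property is `true`.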