Unable to access Azure vault secret from pipeline agent VM

Nitin Naidu (Consultant) 51 Reputation points
2023-05-10T07:00:45.19+00:00

We have Azure vault deployed with public access disabled, i.e. firewall enabled. We have our self-hosted pipeline deployed in a different VNet. We tried adding the private IP of the agent VM, but the vault says that a private IP cannot be added. We want to know if there is an alternate solution to allow a self-hosted pipeline agent on a VM in a particular VNet to access a vault secret in a different VNet with the firewall enabled, without creating a private endpoint. We already have a private endpoint created for the VNet where the vault is deployed and do not want to create an additional private endpoint for the agent VM VNet.

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Accepted answer
  1. Akshay-MSFT 17,086 Reputation points Microsoft Employee
    2023-05-11T07:23:17.57+00:00

    @Nitin Naidu (Consultant)

    As per "Public Access Disabled (Private Endpoint Only)": To enhance network security, you can configure your vault to disable public access. This will deny all public configurations and allow only connections through private endpoints.

    The only workaround you could use here is to select Allow public access from specific virtual networks and add IP address or Virtual Networks - Dynamic IPs.

    Please do let me know if you have any further queries.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.

    1 person found this answer helpful.

1 additional answer

  1. Konstantinos Passadis 17,376 Reputation points MVP
    2023-05-11T07:47:54.8333333+00:00

    Hello @Nitin Naidu (Consultant)!

    In addition to @Akshay-MSFT:

    I have found a similar case for access via Service Endpoint:

    https://ystatit.medium.com/azure-key-vault-with-azure-service-endpoints-and-private-link-part-1-bcc84b4c5fbc

    You do have to configure the Firewall, but maybe it is worth taking a look.

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    1 person found this answer helpful.
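
Both answers above come down to the vault firewall's virtual network rules (backed by a `Microsoft.KeyVault` service endpoint on the agent subnet) and IP rules. The following is an added example, not code from either answer: it evaluates a vault's network settings offline to show why the private-endpoint-only vault rejects the agent and what the "selected networks" configuration changes. It assumes the field names of the vault resource's `properties` object (`publicNetworkAccess`, `networkAcls`); the function names, resource IDs and addresses are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private_range(value):
    """True for RFC 1918 ranges, which the vault firewall does not accept as IP rules."""
    net = ipaddress.ip_network(value, strict=False)
    return any(net.overlaps(r) for r in RFC1918)

def agent_can_reach_vault(props, subnet_id=None, public_ip=None):
    """Evaluate the vault's public-endpoint firewall; returns (allowed, reason).

    Traffic arriving through a private endpoint is not covered by this check.
    """
    if props.get("publicNetworkAccess", "Enabled").lower() == "disabled":
        return False, "public access disabled: private endpoints only"
    acls = props.get("networkAcls") or {}
    if acls.get("defaultAction", "Allow").lower() == "allow":
        return True, "firewall allows all networks"
    # Subnet rules only take effect when the subnet has the Microsoft.KeyVault
    # service endpoint enabled. Resource IDs are compared case-insensitively.
    allowed_subnets = {r["id"].lower() for r in acls.get("virtualNetworkRules", [])}
    if subnet_id and subnet_id.lower() in allowed_subnets:
        return True, "subnet matches a virtual network rule"
    if public_ip:
        addr = ipaddress.ip_address(public_ip)
        for rule in acls.get("ipRules", []):
            if addr in ipaddress.ip_network(rule["value"], strict=False):
                return True, "address matches an IP rule"
    return False, "default action is Deny and no rule matches"

# Constructed sample data (placeholder subscription, names and addresses).
AGENT_SUBNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-agents"
                "/providers/Microsoft.Network/virtualNetworks/vnet-agents/subnets/snet-agents")
VAULT_PRIVATE_ONLY = {"publicNetworkAccess": "Disabled",
                      "networkAcls": {"defaultAction": "Deny", "virtualNetworkRules": [], "ipRules": []}}
VAULT_SELECTED_NETWORKS = {"publicNetworkAccess": "Enabled",
                           "networkAcls": {"defaultAction": "Deny", "bypass": "AzureServices",
                                           "virtualNetworkRules": [{"id": AGENT_SUBNET}],
                                           "ipRules": [{"value": "203.0.113.0/24"}]}}

if __name__ == "__main__":
    print("10.1.0.4 usable as IP rule:", not is_private_range("10.1.0.4"))
    for name, vault in (("private only", VAULT_PRIVATE_ONLY), ("selected networks", VAULT_SELECTED_NETWORKS)):
        print(name, "->", agent_can_reach_vault(vault, subnet_id=AGENT_SUBNET))
```

The input can be taken from the `properties` object printed by `az keyvault show` for the vault in question.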