Access key vault from onprem laptop using azure portal using private endpoint

Anish Kumar Das 0 Reputation points
2023-07-28T14:42:10.9433333+00:00

I am trying to access Azure Key Vault from an on-prem laptop using the Azure portal to manage keys and secrets, but I am unable to access it. I don't want to add the client public IP to the key vault firewall allowed IP list, as the security team doesn't want the traffic to be routed through the internet. Instead we want to use the private endpoint to connect to the key vault from the on-prem laptop. We are able to connect to the key vault from a jump host by adding its IP. Also, connectivity is fine from on-prem to Azure, as we are able to connect to a storage account with private endpoint enabled using Storage Explorer from the same on-prem laptop.

Tags:
Azure Key Vault: An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
Azure Virtual Network: An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
Azure Private Link: An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.

1 answer

  1. msrini-MSFT 9,286 Reputation points Microsoft Employee
    2023-07-31T04:29:39.94+00:00

    Hi Anish,

    When it comes to the Private endpoint, the issue generally happens in one of these 2 places.

    1. DNS resolution - In order for the private endpoint communication to work, your Azure Key Vault FQDN-to-IP resolution needs to resolve to the private IP of the Private endpoint. You can check this by doing an "nslookup <FQDN of Keyvault>" from the laptop from which you are trying to access it. Check if it is resolving to the Private IP. If not, you will need to fix this. You can fix that by adding a hosts file entry locally on your laptop as a temp fix, or you can work with your On-Prem local IT team to get this resolution to happen.
    2. IP connectivity from On-Prem to Azure - You can check this by trying to connect to any one of the VMs which is in the same VNET as that of the Private Endpoint.

    Regards,

    Karthik Srinivas

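The two checks in the answer above (does the vault FQDN resolve to the private endpoint IP, and is TCP/443 to that IP reachable from on-prem) as a script. This is an added example, not code from the thread or from Microsoft; the vault name "myvault", the VNet range 10.10.0.0/16, the resolver 10.0.0.4 and the nslookup output embedded in it are constructed assumptions. The private DNS zone name privatelink.vaultcore.azure.net is the one Azure uses for Key Vault private endpoints.

```python
"""Diagnose why a Key Vault private endpoint is not reachable from an on-prem
client: (1) does <vault>.vault.azure.net resolve to the private endpoint IP,
and (2) can we open TCP/443 to that IP over the on-prem-to-Azure link.

Assumptions (not from the thread): vault "myvault", VNet 10.10.0.0/16,
corporate resolver 10.0.0.4. SAMPLE_NSLOOKUP below is constructed.
"""
import ipaddress
import socket
import sys

VAULT_SUFFIX = "vault.azure.net"
# Private DNS zone Azure uses for Key Vault private endpoints.
PRIVATELINK_ZONE = "privatelink.vaultcore.azure.net"

# Constructed sample of Windows nslookup output for a *working* setup:
# the public name is a CNAME into the privatelink zone, which answers
# with the private endpoint IP inside the VNet.
SAMPLE_NSLOOKUP = """Server:  dns01.corp.example
Address:  10.0.0.4

Non-authoritative answer:
Name:    myvault.privatelink.vaultcore.azure.net
Address:  10.10.1.5
Aliases:  myvault.vault.azure.net
"""


def parse_nslookup(output: str) -> dict:
    """Extract the answer section of nslookup text output.

    The leading Server:/Address: pair is the resolver that was queried and is
    skipped; everything after the first blank line is the answer. Indented
    continuation lines under Addresses:/Aliases: are folded into the list.
    """
    text = output.replace("\r\n", "\n").strip()
    _, _, answer = text.partition("\n\n")
    result = {"name": None, "addresses": [], "aliases": []}
    collecting = None
    for raw in answer.splitlines():
        line = raw.strip()
        if not line or line.lower().startswith("non-authoritative"):
            collecting = None
            continue
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        # A bare IPv6 continuation line also contains ':'; only alphabetic
        # keys are real "Key:" labels.
        is_kv = bool(sep) and key.replace("-", "").isalpha()
        if is_kv and key == "name":
            result["name"] = value.strip()
            collecting = None
        elif is_kv and key in ("address", "addresses"):
            result["addresses"].extend(value.split())
            collecting = "addresses"
        elif is_kv and key == "aliases":
            result["aliases"].extend(value.split())
            collecting = "aliases"
        elif not is_kv and collecting:
            result[collecting].extend(line.split())  # continuation line
        else:
            collecting = None
    return result


def classify(addresses, vnet_cidrs) -> str:
    """'private' if every answer lies inside the VNet, 'public' if none does."""
    if not addresses:
        return "unresolved"
    nets = [ipaddress.ip_network(c, strict=False) for c in vnet_cidrs]
    inside = [any(ipaddress.ip_address(a) in n for n in nets) for a in addresses]
    if all(inside):
        return "private"
    if not any(inside):
        return "public"
    return "mixed"


def hosts_entry(private_ip: str, vault_name: str) -> str:
    """Hosts-file line for the temporary fix mentioned in the answer."""
    return f"{private_ip}\t{vault_name}.{VAULT_SUFFIX}"


def resolve_live(fqdn: str) -> list:
    """Step 1: resolve with the OS resolver, i.e. what the browser will use."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_reachable(ip: str, port: int = 443, timeout: float = 3.0) -> bool:
    """Step 2: can we open TCP/443 to the private endpoint from here?"""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(vault_name: str, vnet_cidrs) -> dict:
    fqdn = f"{vault_name}.{VAULT_SUFFIX}"
    addresses = resolve_live(fqdn)
    verdict = classify(addresses, vnet_cidrs)
    report = {"fqdn": fqdn, "addresses": addresses, "dns": verdict, "tcp443": {}}
    if verdict == "private":  # only test the path once DNS is right
        report["tcp443"] = {a: tcp_reachable(a) for a in addresses}
    return report


if __name__ == "__main__":
    vault = sys.argv[1] if len(sys.argv) > 1 else "myvault"
    cidrs = sys.argv[2:] or ["10.10.0.0/16"]
    report = diagnose(vault, cidrs)
    print(report)
    if report["dns"] != "private":
        print(f"Fix step 1 (DNS): {report['fqdn']} must resolve through "
              f"{PRIVATELINK_ZONE} to the private endpoint IP.")
        print("Temporary fix, hosts entry:", hosts_entry("<private-endpoint-ip>", vault))
    elif not all(report["tcp443"].values()):
        print("Fix step 2 (connectivity): TCP/443 to the private endpoint is "
              "blocked on the on-prem to Azure path.")
```

Run it as `python diagnose_kv.py myvault 10.10.0.0/16` from the laptop. A "public" verdict means the corporate resolver is returning the internet-facing answer for the privatelink name; the durable fix is to have on-prem DNS forward the privatelink.vaultcore.azure.net zone to a resolver inside Azure rather than editing hosts files.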
