Secret Create Error Backup Service

Murat-Azure 0 Reputation points
2023-08-23T12:45:56.25+00:00

Hello Master Clouders,

I would like to use the Backup Center service for my database, which is an Azure Database for PostgreSQL single server. But before that, it wants me to create an Azure Key Vault when I am creating a backup. And it gives an error in the phase of creating a new 'Secret'.

Screen pictures are below. I need your support. I am already grateful for your support.

Azure Key Vault

Azure Database for PostgreSQL

2 answers
  1. JessicaH-MSFT 251 Reputation points Microsoft Employee
    2023-08-23T16:30:15.4433333+00:00

    Hi Murat!

    From the above, I understand you'd like to create a backup of your Azure database for PostgreSQL single server but the portal is displaying an error that the secret required for setup cannot be created.

    Error messages displayed in the portal GUI aren't typically very verbose, so I'd suggest enabling key vault logs to verify the reason behind the error. You'll want to take note of the resultDescription in the error as it will supply the "oid" of the entity being blocked during secret creation. Sometimes this identity isn't the one the user expects while they are integrating other Azure services with Key Vault.

    Typically this creation error is seen when the identity attempting to create the key vault object does not have the proper permissions to the data plane of the key vault. It will appear as an HTTPStatusCode 403 in the logging.

    According to the Azure PostgreSQL database backup documentation, the identity requires the Key Vault Secrets User RBAC role or Get, List Secrets permission via an access policy on the key vault.

    If the key vault is using the Access Policy access configuration, the identity will require that an access policy be assigned. (Secrets: Get, List)

    If the key vault is using RBAC access configuration, the identity attempting to create the secret needs to be assigned a built-in key vault data plane role. (Key Vault Secrets User role).

    I hope this helps you move forward!

    Best, Jessica

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.

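The log check described in the answer above, as an added example that is not part of the original answer: it scans exported Key Vault audit log lines for secret operations that returned 403 and reports the object ID that was denied. It assumes one JSON record per line with `operationName`, `resultDescription`, `identity.claim` and `properties.httpStatusCode` fields; the function name, sample records and GUIDs are constructed placeholders.

```python
import json
import re

# Claim key assumed to carry the caller's object ID in the identity block.
OID_CLAIM = "http://schemas.microsoft.com/identity/claims/objectidentifier"
OID_RE = re.compile(r"\boid=([0-9a-fA-F-]{36})")

USER = "00000000-0000-0000-0000-0000000000aa"  # placeholder: portal user
SVC = "00000000-0000-0000-0000-0000000000bb"   # placeholder: service identity

def _rec(op, status, desc, claim_oid):
    """Build one constructed audit-log line (sample data, not real output)."""
    return json.dumps({
        "time": "2023-08-23T12:40:00Z", "category": "AuditEvent",
        "operationName": op, "resultDescription": desc,
        "identity": {"claim": {OID_CLAIM: claim_oid} if claim_oid else {}},
        "properties": {"httpStatusCode": status},
    })

SAMPLE_LOG = "\n".join([
    _rec("VaultGet", 200, "", USER),
    _rec("SecretSet", 403, f"Caller is not authorized. Caller: oid={SVC};iss=x", None),
    _rec("SecretSet", 403, "", USER),   # no oid in description: use the claim
    _rec("KeyGet", 403, "", USER),      # not a secret operation: ignored
    "truncated line, not JSON",
])

def denied_identities(log_text, operation_prefix="Secret"):
    """Return {object_id: [operationName, ...]} for 403s on secret operations."""
    denied = {}
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial or non-JSON lines in the export
        if not isinstance(rec, dict):
            continue
        props = rec.get("properties") or {}
        op = rec.get("operationName") or ""
        if str(props.get("httpStatusCode")) != "403" or not op.startswith(operation_prefix):
            continue
        # Prefer the oid named in resultDescription; fall back to the token claim.
        match = OID_RE.search(rec.get("resultDescription") or "")
        claim = (rec.get("identity") or {}).get("claim") or {}
        oid = match.group(1) if match else claim.get(OID_CLAIM, "unknown")
        denied.setdefault(oid.lower(), []).append(op)
    return denied

if __name__ == "__main__":
    for oid, ops in denied_identities(SAMPLE_LOG).items():
        print(oid, ops)
```

The object ID it reports is the identity that needs the access policy or RBAC role assignment on the vault, which may differ from the signed-in user.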
