Service Endpoint of Azure Key Vault

Apurva Pathak 660 Reputation points
2023-11-02T07:29:19.34+00:00

Hi Folks,

I have a Key Vault for which I have restricted access to only certain Public IPs and specified Vnets in the firewall settings of the Key Vault. However, when I am trying to access the Key Vault from one of the VMs which are deployed in the whitelisted Vnets. I have enabled the Key Vault related Service Endpoint on the subnet of the VMs.

I am trying to access the KV over a browser in the VMs. Do service endpoints enable browser connections to go via the MS backbone as well? If yes, is there any reason for this not working?

Pasting a few snips below for more clarity:

KV Firewall settings: [image]

Subnet endpoint status: [image]

Thanks in advance!

Cheers!


1 answer

  1. Deepanshukatara-6769 15,195 Reputation points
    2023-11-02T08:30:20.35+00:00

    Hi, to answer your question:

    You can configure Key Vault firewalls and virtual networks to deny access to traffic from all networks (including internet traffic) by default. You can grant access to traffic from specific Azure virtual networks and public internet IP address ranges, allowing you to build a secure network boundary for your applications.

    So you can allow inbound/outbound rules for HTTP/HTTPS in the NSG, and then it should work.

    Please check the MS doc for reference: https://learn.microsoft.com/en-us/azure/key-vault/general/overview-vnet-service-endpoints

    And if the issue still occurs, please share the error in detail.

    Thanks, kindly accept the answer if it has helped.
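
A way to check the two settings discussed in this thread (the vault's firewall rules and the subnet's service endpoint) against each other. This is an added example, not part of the original question or answer. It assumes input shaped like the JSON from `az keyvault show` and `az network vnet subnet show`; the function name, subscription ID, resource names and IP addresses are constructed placeholders, and the model is simplified (no private endpoints or trusted-service bypass).

```python
import ipaddress

def check_kv_access(vault, subnet, client_ip=None):
    """Return (allowed, reasons) for a client in `subnet` calling `vault`.

    vault: dict shaped like `az keyvault show` output (assumption)
    subnet: dict shaped like `az network vnet subnet show` output (assumption)
    client_ip: public IP the vault sees when no service endpoint applies
    """
    acls = vault["properties"].get("networkAcls") or {}
    if acls.get("defaultAction", "Allow") == "Allow":
        return True, ["firewall defaultAction is Allow"]
    # Azure resource IDs are case-insensitive, so compare lowercased.
    listed = {r["id"].lower() for r in acls.get("virtualNetworkRules") or []}
    subnet_listed = subnet["id"].lower() in listed
    endpoint_ok = any(
        e.get("service") == "Microsoft.KeyVault"
        and e.get("provisioningState") == "Succeeded"
        for e in subnet.get("serviceEndpoints") or [])
    if subnet_listed and endpoint_ok:
        return True, ["subnet is listed and has the Microsoft.KeyVault endpoint"]
    reasons = []
    if not subnet_listed:
        reasons.append("subnet is not in the vault's virtualNetworkRules")
    if not endpoint_ok:
        reasons.append("subnet has no provisioned Microsoft.KeyVault endpoint")
    # Without a working endpoint the request arrives from a public IP.
    if client_ip:
        ip = ipaddress.ip_address(client_ip)
        for rule in acls.get("ipRules") or []:
            if ip in ipaddress.ip_network(rule["value"], strict=False):
                return True, reasons + ["client IP matches ipRule " + rule["value"]]
        reasons.append("client IP matches no ipRule")
    return False, reasons

# Constructed sample data (placeholder subscription and resource names).
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-demo"
             "/subnets/vm-subnet")
VAULT = {"properties": {"networkAcls": {
    "defaultAction": "Deny", "bypass": "AzureServices",
    "ipRules": [{"value": "203.0.113.0/24"}],
    "virtualNetworkRules": [{"id": SUBNET_ID.lower()}]}}}
SUBNET_OK = {"id": SUBNET_ID, "serviceEndpoints": [
    {"service": "Microsoft.KeyVault", "provisioningState": "Succeeded"}]}
SUBNET_NO_ENDPOINT = {"id": SUBNET_ID, "serviceEndpoints": [
    {"service": "Microsoft.Storage", "provisioningState": "Succeeded"}]}

if __name__ == "__main__":
    for name, sn in [("ok", SUBNET_OK), ("no endpoint", SUBNET_NO_ENDPOINT)]:
        print(name, check_kv_access(VAULT, sn, client_ip="198.51.100.7"))
```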

