How can you configure an Azure Key Vault to work with a Python application running in the Kubernetes Service?

Mariano Chicatun 0 Reputation points
key_vault_uri = os.environ["KEY_VAULT_URL"]
credential = ManagedIdentityCredential(client_id=client_id)
client = SecretClient(vault_url=key_vault_uri, credential=credential)

I'm getting the following error:
azure.identity._exceptions.CredentialUnavailableError: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource. Error: Unexpected response "{'error': 'invalid_request', 'error_description': 'Identity not found'}"

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,180 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,976 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Claudia Dos Santos Haz (CONCENTRIX CORPORATION) 935 Reputation points Microsoft Vendor

    Hello @Mariano Chicatun ,

    Thanks for using Microsoft Q&A!!

    If you are running from your local development environment then the code try to access Azure key vault using developer context and not the managed identity (which is available in Azure) and thus you are getting this error as you need to grant yourself(or the user you are using to access the key vault) permissions to access the key vault to test in your local environment.

    Please try running the same after deploying it to Azure app service. You can also refer to this Python sample to get the steps to test your code in your local environment without using managed identity. This code use function get_key_vault_credentials to use the environment variables if MSI Authentication is unsuccessful.

    Best regards,

    0 comments No comments

  2. JamesTran-MSFT 36,531 Reputation points Microsoft Employee

    @Mariano Chicatun

    Thank you for your post and I apologize for the delayed response!

    Error Message:

    CredentialUnavailableError: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.

    Based off your error message, it looks like you're trying to access the Key Vault with your Managed Identity which hasn't been assigned to the resource. To hopefully help resolve your issue or point you in the right direction can you make sure that your Managed Identity has the correct permission on your Key Vault? Depending on your vault's Access configuration, you'll have to assign the appropriate Azure RBAC Key Vault role or Access Policy permission(s).

    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

    0 comments No comments