How to execute Get-AzKeyVaultManagedStorageAccount -VaultName $keyVaultName

AJITH KUMAR RAI 0 Reputation points
2024-01-19T11:17:03.8533333+00:00

Hi Team, I have enabled key regeneration with the help of Key Vault for a storage account by following this article.
https://learn.microsoft.com/en-us/azure/key-vault/secrets/overview-storage-keys-powershell

Now I am trying to access the list of Key Vault managed storage accounts information by using this article: https://learn.microsoft.com/en-us/powershell/module/az.keyvault/get-azkeyvaultmanagedstorageaccount?view=azps-11.2.0#examples

While trying to access
$keyVaultName="test-kv-westus2"
$storageAccountName="saccounttest"

Get-AzKeyVaultManagedStorageAccount -VaultName $keyVaultName

**Get-AzKeyVaultManagedStorageAccount -VaultName $keyVaultName -Name $storageAccountName**

While running the above command, I am getting the below error:

Get-AzKeyVaultManagedStorageAccount: Operation returned an invalid status code 'Forbidden' Code: Forbidden Message: The user, group or application 'appid=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx;oid=xxxxx-xxxx-4e4b-xxxx-xxxxxxxxxxxxx;numgroups=1;iss=https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/' does not have storage list permission on key vault 'test-kv-westus2;location=westus2'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287

I have provided access to the user on the key vault with admin permission, but I am still facing this issue.
I am trying to execute this command from the Azure portal Azure CLI.

Azure Key Vault

1 answer

  1. Akshay-MSFT 17,961 Reputation points Microsoft Employee
    2024-01-25T11:29:39.5766667+00:00

    @AJITH KUMAR RAI

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    • Issue: Accessing Key Vault with admin privileges via PowerShell resulted in the error:

    Get-AzKeyVaultManagedStorageAccount: Operation returned an invalid status code 'Forbidden' Code: Forbidden Message: The user, group or application 'appid=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx;oid=xxxxx-xxxx-4e4b-xxxx-xxxxxxxxxxxxx;numgroups=1;iss=https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/' does not have storage list permission on key vault 'test-kv-westus2;location=westus2'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287

    • Solution: After updating the permission model from "Vault access policy" to "Azure role-based access control (recommended)", you were able to access the Key Vault without any authorization error.

    If you have any other questions or are still running into more issues, please let me know.
    Thank you again for your time and patience throughout this issue. Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    Thanks,

    Akshay Kaushik
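
A way to check which permission model a vault uses and whether a given object ID holds the storage `list` permission named in the error, as an added example that is not part of the original question or answer. The helper name `Test-KvStorageListAccess`, the sample vault object and the object ID are constructed for illustration; the property names follow the object returned by `Get-AzKeyVault -VaultName <name>`.

```powershell
# Added example (hypothetical helper). $Vault is expected to look like the output of
# Get-AzKeyVault -VaultName <name>: EnableRbacAuthorization plus AccessPolicies,
# where each policy carries ObjectId and PermissionsToStorage.
function Test-KvStorageListAccess {
    param(
        [Parameter(Mandatory)] $Vault,
        [Parameter(Mandatory)] [string] $ObjectId
    )

    if ($Vault.EnableRbacAuthorization) {
        # RBAC model: vault access policies are ignored, so only role
        # assignments decide. That cannot be judged from the vault object alone.
        return [pscustomobject]@{
            Model   = 'AzureRBAC'
            Allowed = $null
            Detail  = 'Review role assignments: Get-AzRoleAssignment -Scope <vault resource id>'
        }
    }

    # Access policy model: the caller needs an access policy entry whose
    # storage permissions include list (or all).
    $policies = @($Vault.AccessPolicies | Where-Object { $_.ObjectId -eq $ObjectId })
    $perms    = @($policies | ForEach-Object { $_.PermissionsToStorage })
    $allowed  = ($perms -contains 'list') -or ($perms -contains 'all')

    $detail = if ($policies.Count -eq 0) { 'No access policy entry for this object ID' }
              elseif ($allowed)          { 'Storage list permission present' }
              else                       { 'Access policy entry lacks storage list permission' }

    [pscustomobject]@{ Model = 'VaultAccessPolicy'; Allowed = $allowed; Detail = $detail }
}

# Constructed sample: a principal with secret permissions but no storage
# permissions, on a vault still using the access policy model.
$sampleObjectId = '00000000-0000-0000-0000-000000000001'   # placeholder
$sampleVault = [pscustomobject]@{
    VaultName               = 'test-kv-westus2'
    EnableRbacAuthorization = $false
    AccessPolicies          = @(
        [pscustomobject]@{
            ObjectId             = $sampleObjectId
            PermissionsToSecrets = @('get', 'list')
            PermissionsToStorage = @()
        }
    )
}

Test-KvStorageListAccess -Vault $sampleVault -ObjectId $sampleObjectId
```

Against a real vault, pass `Get-AzKeyVault -VaultName $keyVaultName` as `-Vault` and the `oid` value from the Forbidden message as `-ObjectId`.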

