Thank you for posting your query on Microsoft Q&A. From the above description, I understand that you are getting the error "message": "Caller is not authorized to perform action on resource." while accessing Key Vault with a managed identity from AKS.
Please do correct me if this is not the ask by responding in the comments section.
- As per "Create a managed identity and grant permissions to access the secret", it sets an access policy for the managed identity to access the Key Vault secret using the following command:
az keyvault set-policy --name "${KEYVAULT_NAME}" --secret-permissions get --spn "${USER_ASSIGNED_CLIENT_ID}"
- In order to achieve this, you must ensure that you have Access policies enabled in Key Vault and not RBAC:
- Kindly assign the role "Key Vault Secret User" to the managed identity account.
- Validate the "Networking > Firewall" rules and try testing the behavior with "Allow public access from all networks".
Please "Accept the answer (Yes)" and "share your feedback". This will help us and others in the community as well.
Thanks,
Akshay Kaushik
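The steps in the answer above (check which permission model the vault uses, grant the managed identity access in the matching way, then look at the firewall) as one shell script. This is an added example, not part of the answer or of Microsoft's documentation. The variable names KEYVAULT_NAME, USER_ASSIGNED_CLIENT_ID and USER_ASSIGNED_PRINCIPAL_ID, the --run flag and the sample GUIDs are assumptions; the az commands and flags are the real ones. A vault is either in "Vault access policy" mode (enableRbacAuthorization=false, where az keyvault set-policy applies) or in "Azure RBAC" mode (true, where only a role assignment such as the built-in "Key Vault Secrets User" applies), and a grant made in the wrong model is ignored, which is one way to end up with exactly this "Caller is not authorized" error. The script therefore reads that flag and prints the grant command that matches, rather than guessing.

```shell
#!/bin/sh
# Added example, not code from the Q&A answer. Assumes the az CLI is logged in and
# that the caller has exported KEYVAULT_NAME, USER_ASSIGNED_CLIENT_ID (the managed
# identity's client ID) and USER_ASSIGNED_PRINCIPAL_ID (its object/principal ID).
# All of these names are illustrative assumptions.
set -eu

# Print the grant that matches the vault's permission model.
#   $1 enableRbacAuthorization as returned by az (true/false)
#   $2 vault name, $3 identity client ID, $4 identity principal ID, $5 vault resource ID
# Access-policy vaults key the policy on the client ID via --spn; RBAC vaults need a
# role assignment keyed on the principal (object) ID scoped to the vault resource.
grant_command() {
  rbac_enabled="$1"; kv_name="$2"; client_id="$3"; principal_id="$4"; kv_id="$5"
  case "$rbac_enabled" in
    false)
      printf 'az keyvault set-policy --name %s --secret-permissions get --spn %s\n' \
        "$kv_name" "$client_id"
      ;;
    true)
      printf 'az role assignment create --assignee-object-id %s --assignee-principal-type ServicePrincipal --role "Key Vault Secrets User" --scope %s\n' \
        "$principal_id" "$kv_id"
      ;;
    *)
      echo "unexpected enableRbacAuthorization value: '$rbac_enabled'" >&2
      return 1
      ;;
  esac
}

# Summarize the network posture from properties.publicNetworkAccess ($1) and
# properties.networkAcls.defaultAction ($2). An empty defaultAction means no
# network ACLs are configured, which is treated as open.
network_hint() {
  public_access="$1"; default_action="$2"
  if [ "$public_access" = "Disabled" ] || [ "$default_action" = "Deny" ]; then
    echo "restricted: add the AKS egress IP/VNet rule, or temporarily allow all networks to test"
  else
    echo "open: network is not the blocker"
  fi
}

# Query the live vault and print the diagnosis plus the command to run.
main() {
  kv_id=$(az keyvault show --name "$KEYVAULT_NAME" --query id -o tsv)
  rbac=$(az keyvault show --name "$KEYVAULT_NAME" --query properties.enableRbacAuthorization -o tsv)
  public_access=$(az keyvault show --name "$KEYVAULT_NAME" --query properties.publicNetworkAccess -o tsv)
  default_action=$(az keyvault show --name "$KEYVAULT_NAME" --query properties.networkAcls.defaultAction -o tsv)

  echo "Permission model: enableRbacAuthorization=$rbac"
  echo "Grant to run:"
  grant_command "$rbac" "$KEYVAULT_NAME" "$USER_ASSIGNED_CLIENT_ID" "$USER_ASSIGNED_PRINCIPAL_ID" "$kv_id"
  echo "Network: $(network_hint "$public_access" "$default_action")"
}

# Only touch Azure when invoked with --run (an assumed flag), so the helper
# functions can be sourced and exercised offline.
if [ "${1:-}" = "--run" ]; then
  main
fi
```

Run it as `sh check-kv-access.sh --run` after exporting the three variables; it prints the single az command that fits the vault's mode instead of applying both a policy and a role assignment blindly. If the firewall line reports "restricted", the answer's suggestion to test with all networks allowed tells you whether the remaining failure is network or identity.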