Key Vault Reference in web app config now says 'AccessToKeyVaultDenied'

Question

A while back I setup a RBAC key vault. I followed some guide where I added a connection string under my Wep App => Configuration. All was green after that and worked.

Now, however, I noticed that this happend

Never seen this before. First thought it was some temporary hickup, but it's still there.

What's confusing me is that this appeard from nowhere.

Seems like detailed logs here. But I guess my question is. Has anyone seem anything similiar? And why this could seemingly occur out of nowhere? I am ofc trying to understand the logs, but I'm somewhat new to Azure still :)

Answer 1

Hi Erik,

It seems authorization issue and I think If there have been changes in the access policies of your Key Vault, it might result in your web app being unable to access the secrets or certificates it needs.

To resolve this

To allow your Azure Web App Managed Identity (MI) access to your Key Vault, you need to configure access policies in the Key Vault to grant the necessary permissions. Here's a step-by-step guide:

1. Grant Access to the Key Vault:
   • Go to your Key Vault in the Azure portal.
   • Navigate to "Access policies" under "Settings".
   • Click on "+ Add Access Policy" to add a new access policy.
   • For "Configure from template", you can choose a template based on your requirements. For example, "Secret Management".
   • Under "Select principal", search for your web app's name and select it.
   • Click "Add" to add the access policy.
   • Review and save your changes.
2. Verify Access:
   • After adding the access policy, Azure Web App's Managed Identity should have the necessary permissions to access the Key Vault.
   • You can verify this by retrieving a secret from the Key Vault within your web app's code.

Please check this doc for more ref https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli

kindly check and accept answer if it helps, Thanks