Azure Devops Pipeline failing on azure key vault

Question

We get this error :

fail: AzureSignTool.SignCommand[0]

Failed to retrieve certificate *** from Azure Key Vault. Please verify the name of the certificate and the permissions to the certificate. Error message: ClientSecretCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000222: The provided client secret keys for app '***' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: e6ba4893-98bd-46fe-b2b4-aa757ef7b800 Correlation ID: 3f9e7031-c66f-49aa-97e8-3b2422068367 Timestamp: 2024-04-24 08:59:34Z.

But the keys are NOT expired...

We have similar errors on other projects/pipeline, and none of the secrets or certificates are expired...

Answer 1

Hi Cyril ,

Questions related to Azure DevOps are best asked over on https://developercommunity.visualstudio.com/search?space=21, I would suggest posting your question there.

As far as related to your issue Ensure that the application registration or MI which is acting has the service connection between azure Devops and azure has the necessary permissions to access the Azure Key Vault. Verify that the application has been granted the appropriate permissions (e.g., Get and List permissions) on the key vault where the certificate is stored.

Kindly check and accept answer if it helps, Thanks!