Azure Devops Pipeline failing on azure key vault

Cyril Carlier 20 Reputation points
2024-04-24T09:08:23.9933333+00:00

We get this error :

fail: AzureSignTool.SignCommand[0]

Failed to retrieve certificate *** from Azure Key Vault. Please verify the name of the certificate and the permissions to the certificate. Error message: ClientSecretCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000222: The provided client secret keys for app '***' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: e6ba4893-98bd-46fe-b2b4-aa757ef7b800 Correlation ID: 3f9e7031-c66f-49aa-97e8-3b2422068367 Timestamp: 2024-04-24 08:59:34Z.

But the keys are NOT expired...

We have similar errors on other projects/pipeline, and none of the secrets or certificates are expired...

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,144 questions
0 comments No comments
{count} votes

Accepted answer
  1. Deepanshu katara 5,370 Reputation points
    2024-04-24T09:23:35.17+00:00

    Hi Cyril ,

    Questions related to Azure DevOps are best asked over on https://developercommunity.visualstudio.com/search?space=21, I would suggest posting your question there.

    As far as related to your issue Ensure that the application registration or MI which is acting has the service connection between azure Devops and azure has the necessary permissions to access the Azure Key Vault. Verify that the application has been granted the appropriate permissions (e.g., Get and List permissions) on the key vault where the certificate is stored.

    Kindly check and accept answer if it helps, Thanks!


0 additional answers

Sort by: Most helpful