Insufficient Permissions for Import Certificate into Key Vault

Carolyn Schroeder 186 Reputation points
2024-05-30T06:32:40.9466667+00:00

I am an external user for one of my client accounts. I have owner permissions. I am trying to import a certificate into a key vault. The key vault has the Vault Access Policy. As the owner, I have full access to this resource. However, when I try to import a certificate, I am getting an insufficient permission error. I have tried to add an Access Policy but can't find a principal to assign it to.

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

2 answers

  1. Deepanshukatara-6769 11,545 Reputation points
    2024-05-30T06:44:32.6+00:00

    Hi Carolyn,

    1. Verify Access Policies: Double-check the access policies configured on the Key Vault. As an owner, you should have full access, but you may need an explicit permission for importing.
    2. Add Explicit Permission in Access Policy: If necessary, add an access policy explicitly granting permissions for importing certificates. To do this:
      • Go to the Azure portal and navigate to the Key Vault.
      • Select "Access policies" from the left menu.
      • Click on "Add Access Policy."
      • Choose the appropriate permissions (e.g., "Import" for certificates).
      • In the "Select principal" section, you may need to search for and select the application or your object ID.
      • Click "Add" to save the access policy.

    Please check below images for reference

    User's image


    Please check this doc for ref https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal

    Kindly accept the answer if it helps,

    Thanks

    Deepanshu
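
A check that mirrors steps 1 and 2 of the answer above, added here as an example and not part of the original thread: it reads vault JSON in the shape returned by `az keyvault show` and reports whether a given object ID holds the certificate `Import` permission. The sample vault, the object IDs and the `diagnose_import` function name are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az keyvault show --name <vault-name>`
# output, trimmed to the fields used here. All IDs are placeholders.
SAMPLE_VAULT = json.loads("""
{
  "name": "example-vault",
  "properties": {
    "enableRbacAuthorization": false,
    "accessPolicies": [
      {"objectId": "11111111-1111-1111-1111-111111111111",
       "permissions": {"certificates": ["Get", "List"], "secrets": ["Get"]}},
      {"objectId": "22222222-2222-2222-2222-222222222222",
       "permissions": {"certificates": ["Get", "List", "Import"]}}
    ]
  }
}
""")


def diagnose_import(vault, object_id):
    """Explain whether object_id can import certificates into this vault."""
    props = vault.get("properties", {})
    if props.get("enableRbacAuthorization"):
        # Azure RBAC model: access policies are ignored, a data-plane role decides.
        return "rbac-model"
    for policy in props.get("accessPolicies") or []:
        if policy.get("objectId", "").lower() != object_id.lower():
            continue
        perms = policy.get("permissions") or {}
        granted = {p.lower() for p in perms.get("certificates") or []}
        if "import" in granted or "all" in granted:
            return "allowed"
        return "policy-without-import"
    # Owner on the resource is a management-plane role; under the access policy
    # model it grants nothing on certificates until a policy names the principal.
    return "no-policy"


if __name__ == "__main__":
    for oid in ("11111111-1111-1111-1111-111111111111",
                "22222222-2222-2222-2222-222222222222",
                "33333333-3333-3333-3333-333333333333"):
        print(oid, diagnose_import(SAMPLE_VAULT, oid))
```

A result of `no-policy` for an account that is Owner on the vault matches the situation in the question: the role assignment exists, but no access policy names that principal's object ID.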


  2. Carolyn Schroeder 186 Reputation points
    2024-05-30T12:05:25.8166667+00:00

    This is just too small a shop to use Azure Key Vault. I was able to add a custom domain and secure it by directly importing the app service certificate.

