Issue with executing $secret = Set-AzKeyVaultSecret -VaultName $KVNAME -Name vmPassword -SecretValue $secretSecureString
Hi,
I was trying to use solutions from the internet like e.g. https://learn.microsoft.com/en-us/answers/questions/1726526/issue-creating-secrets-when-working-on-exercise , but this is impossible to add any access policies in azure portal when using Concierge Subscription Microsoft Learn Sandbox, so I can't complete the exercise from the point mentioned below.
This is how it looks in my PS (when following https://learn.microsoft.com/en-us/training/modules/manage-deployments-advanced-arm-template-features/5-secure-parameters-exercise?pivots=powershell):
PS C:\Users\eweli> $KVNAME="tailwind-secrets" + (Get-Random -Count 1 -Maximum 9999999)
PS C:\Users\eweli> $KVNAME
tailwind-secrets7174552
PS C:\Users\eweli> $secretSecureString = ConvertTo-SecureString 'insecurepassword123!' -AsPlainText -Force
PS C:\Users\eweli> $secret = Set-AzKeyVaultSecret -VaultName $KVNAME -Name vmPassword -SecretValue $secretSecureString
Set-AzKeyVaultSecret: Operation returned an invalid status code 'Forbidden'
Code: Forbidden
Message: Caller is not authorized to perform action on resource.
If role assignments, deny assignments or role definitions were changed recently, please observe propagation time.
Caller: appid=1950a258-227b-4e31-a9cf-717495945fc2;oid=2d4fd02d-6a48-437d-88b3-6e009eeddd32;iss=https://sts.windows.net/604c1504-c6a3-4080-81aa-b33091104187/
Action: 'Microsoft.KeyVault/vaults/secrets/setSecret/action'
Resource: '/subscriptions/9e2deb73-2f73-46d9-96f9-f94827200755/resourcegroups/learn-58a3048d-b977-4ebc-aac6-9a00b895d1bd/providers/microsoft.keyvault/vaults/tailwind-secrets7174552/secrets/vmpassword'
Assignment: (not found)
DenyAssignmentId: null
DecisionReason: null
Vault: tailwind-secrets7174552;location=eastus
PS C:\Users\eweli> $secret = Set-AzKeyVaultSecret -VaultName $KVNAME -Name vmPassword -SecretValue $secretSecureString
This question is related to the following Learning Module