I turned on the firewall for my Azure Key Vault and my Azure DevOps pipeline stopped working. How do I whitelist the ADO pipeline in the Azure Key Vault firewall?

Krzysztof Białogłowy 0 Reputation points
2025-07-03T11:31:16.1933333+00:00

I turned on the firewall for my Azure Key Vault ("Allow public access from specific virtual networks and IP addresses") and my Azure DevOps pipeline stopped working. How do I whitelist the ADO pipeline in the Azure Key Vault firewall?

Right now I'm getting this error from the pipeline:

"Get secrets failed. Error: Client address is not authorized and caller is not a trusted service.
Client address: 4.212.243.122"

The client address keeps changing; it is dynamic.

I was thinking that maybe there is a way to whitelist some service tags like "Azure Cloud", as those client addresses are covered by the Azure Cloud service tag, but I do not know how to do that. Can you help?


1 answer

  1. Kancharla Saiteja 5,905 Reputation points Microsoft External Staff Moderator
    2025-07-03T12:24:03.7066667+00:00

    Hi @Krzysztof Białogłowy,

    Based on your query, I understand that DevOps stopped working once you enabled the firewall for the key vault.

    As per this information, you may need to use a self-hosted agent in your Azure tenant, as a VM or scale set; then you can configure the firewall and even use the key vault in a private network. You can configure a scale set using the following document: Create the scale set. This scale set helps you have the agent on a VM.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

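A simplified model of the firewall decision discussed in this thread, added here as an illustration and not code from the poster, the answer or Microsoft: it shows why the agent's changing public address is rejected while an agent in an allowed subnet is accepted, and flags IP rules that are wider than intended. The rule set, the subnet ID, the function names and the 256-address threshold are constructed assumptions; only the client address and the error text come from the question.

```python
import ipaddress

# Constructed sample shaped like a Key Vault "networkAcls" property.
# The subnet ID and the 203.0.113.0/24 range are placeholders, not values from the post.
AGENT_SUBNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-agents"
                "/providers/Microsoft.Network/virtualNetworks/vnet-agents/subnets/snet-agents")
ACLS = {
    "defaultAction": "Deny",
    "bypass": "AzureServices",
    "ipRules": [{"value": "203.0.113.0/24"}],
    "virtualNetworkRules": [{"id": AGENT_SUBNET}],
}

def evaluate(acls, client_ip=None, subnet_id=None, trusted_service=False):
    """Return (allowed, reason) for one request under this simplified model."""
    if acls.get("defaultAction", "Allow") == "Allow":
        return True, "firewall disabled (defaultAction=Allow)"
    if trusted_service and acls.get("bypass") == "AzureServices":
        return True, "trusted-service bypass"
    # Traffic arriving from an allowed subnet is matched by subnet ID, not by IP.
    if subnet_id:
        allowed = {r["id"].lower() for r in acls.get("virtualNetworkRules", [])}
        if subnet_id.lower() in allowed:
            return True, "virtual network rule"
    if client_ip:
        addr = ipaddress.ip_address(client_ip)
        for rule in acls.get("ipRules", []):
            if addr in ipaddress.ip_network(rule["value"], strict=False):
                return True, "IP rule " + rule["value"]
    return False, "Client address is not authorized and caller is not a trusted service"

def broad_ip_rules(acls, max_addresses=256):
    """List IP rules admitting more than max_addresses (threshold is an assumption)."""
    return [r["value"] for r in acls.get("ipRules", [])
            if ipaddress.ip_network(r["value"], strict=False).num_addresses > max_addresses]

if __name__ == "__main__":
    # Pipeline agent with the public address from the error in the question.
    print(evaluate(ACLS, client_ip="4.212.243.122"))
    # Self-hosted agent running in the allowed subnet.
    print(evaluate(ACLS, subnet_id=AGENT_SUBNET))
    # A constructed rule set widened to a large range is reported for review.
    print(broad_ip_rules({"ipRules": [{"value": "198.18.0.0/15"}]}))
```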
