Unexpected Error Occurred when Restoring Backup of Secret in Azure Key Vault

Maria Lee 26 Reputation points
2021-04-15T08:51:25.777+00:00

Hi there, recently we tried migrating the contents of an Azure Key Vault following the steps provided here: https://learn.microsoft.com/en-us/azure/key-vault/general/move-region. We utilized Option (2) and downloaded all the keys/secrets/certificates successfully and managed to re-upload them to a new target Key Vault.

However, when we tried replicating the same steps in Production, we encountered a new error as shown below:
88158-image.png

Are there any ways to troubleshoot this error message and continue the Key Vault Migration? Thanks!

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
662 questions
{count} votes

Accepted answer
  1. JamesTran-MSFT 26,616 Reputation points Microsoft Employee
    2021-04-20T17:20:44.203+00:00

    @Maria Lee
    Thank you for your time and patience throughout this issue! I reached out to our AKV SMEs and will post their update below.

    When it comes to the backup/restore operation not working, this could be because - When you back up a key vault object, such as a secret, key, or certificate, the backup operation will download the object as an encrypted blob. This blob can't be decrypted outside of Azure. To get usable data from this blob, you must restore the blob into a key vault within the same Azure subscription and Azure geography. For more info - Design considerations

    The version change is expected as you're creating new secrets hence new GUIDs. This will only affect the caller (ADF) if it has references using the secret's versions specific GUIDs, but if it's using just the name as reference then there should be no issues.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    No comments

0 additional answers

Sort by: Most helpful