@J H • How have you acquired the token to call Key Vault for the wrapKey operation? Please check if the token acquisition is done under user context or application context and make sure the correct entity is given the Wrap Key permission either via Access Policy or RBAC. For testing purposes, you may try the Wrap Key REST Call to perform this operation by using the token as bearer token in the Authorization header of the REST API call. You can also try capturing the token via fiddler trace or by applying breakpoint in application code and decoding the token at https://jwt.ms to see if the token is issued to User or Application and check if it is issued to the correct audience, which should be
To get more details about the operation and error, you may consider enabling Azure Key Vault logging.