![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 46%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,108 questions
@J H • How have you acquired the token to call Key Vault for the wrapKey operation? Please check if the token acquisition is done under user context or application context and make sure the correct entity is given the Wrap Key permission either via Access Policy or RBAC. For testing purposes, you may try the Wrap Key REST Call to perform this operation by using the token as bearer token in the Authorization header of the REST API call. You can also try capturing the token via fiddler trace or by applying breakpoint in application code and decoding the token at https://jwt.ms to see if the token is issued to User or Application and check if it is issued to the correct audience, which should be https://vault.azure.net.
To get more details about the operation and error, you may consider enabling Azure Key Vault logging.