Hello @Christopher Mühl ,
Thanks for the question and for using the MS Q&A platform.
My understanding is that you are trying to create a Synapse workspace using an ARM template with a UserAssignedIdentity and you are receiving the above error. Please correct me if I'm not accurate.
From the above error message, it complains that your UserAssignedIdentity (I know the error says Managed Identity, which means User Assigned Managed Identity with regards to your scenario) doesn't have the Get permission on the Azure Key Vault. I see you already stated that the UserAssignedIdentity has already been authorized for the key vault, but could you please re-confirm if the below access policies/permissions are granted to it?
- Get (to read the public part of a key)
- WrapKey (to insert a key into Key Vault when creating a new key)
- UnwrapKey (to get the key for decryption).
For more info, please refer to this doc: Using a User-assigned Managed identity
Also, could you please confirm if your Azure Key Vault is behind a firewall? The reason I would like to validate this is because a User-assigned Managed Identity cannot be configured to access a customer-managed key when the Azure Key Vault is behind a firewall.
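
The two checks requested in the answer above can be run against an exported vault definition. This is an added example, not part of the original answer. It assumes the vault uses access policies, that the input is the `properties` object of a `Microsoft.KeyVault/vaults` resource, and that the object ID passed in is the principal ID of the user-assigned identity; the sample vault and IDs are constructed placeholders.

```python
import json

# Constructed sample: the "properties" object of a Microsoft.KeyVault/vaults
# ARM resource. The IDs are placeholders, not values from the thread.
SAMPLE_VAULT = json.loads("""
{
  "accessPolicies": [{
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "objectId": "11111111-1111-1111-1111-111111111111",
    "permissions": {"keys": ["get", "wrapKey"]}
  }],
  "networkAcls": {"defaultAction": "Deny", "bypass": "AzureServices"}
}
""")

REQUIRED = ("Get", "WrapKey", "UnwrapKey")  # permissions listed in the answer


def check_cmk_access(vault_props, identity_object_id):
    """Return a list of findings; an empty list means both checks passed."""
    granted = set()
    for policy in vault_props.get("accessPolicies", []):
        if policy.get("objectId", "").lower() == identity_object_id.lower():
            keys = policy.get("permissions", {}).get("keys", [])
            granted |= {p.lower() for p in keys}  # names compared case-insensitively
    findings = []
    if "all" not in granted:  # "all" covers every key permission
        findings += [f"missing key permission: {name}"
                     for name in REQUIRED if name.lower() not in granted]
    # A default action of Deny means the vault firewall is switched on.
    acls = vault_props.get("networkAcls") or {}
    if acls.get("defaultAction", "Allow").lower() == "deny":
        findings.append("vault firewall enabled (networkAcls.defaultAction is Deny)")
    return findings


if __name__ == "__main__":
    for finding in check_cmk_access(SAMPLE_VAULT, "11111111-1111-1111-1111-111111111111"):
        print(finding)
```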