How to access keyvault data from azure kubernetes?

Uday Kiran Reddy (ureddy) 96 Reputation points
2022-03-16T11:59:49.15+00:00

I am trying to access keyvault data from aks cluster.

By following this link: https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver

The system-assigned managed identity section at the link below shows the steps for a VM scale set instead of AKS.
So I am trying the user-assigned managed identity section.
https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access

az aks show -g devtest-large -n devtest-large-cluster --query addonProfiles.azureKeyvaultSecretsProvider.identity.clientId -o tsv  

gave me the output value below

9d0d9e08-a9f2-4085-a9d2-d61ae7624943  

So for the command template below

# set policy to access keys in your key vault  
az keyvault set-policy -n <keyvault-name> --key-permissions get --spn <identity-client-id>  

Below is the value I passed, but I am getting an error there.

az keyvault set-policy -n devtest-large-keyvault --key-permissions get --spn d0d9e08-a9f2-4085-a9d2-d61ae7624943  
Unable to find user with spn 'd0d9e08-a9f2-4085-a9d2-d61ae7624943'  
Unable to get object id from principal name.  

Accepted answer
  1. shiva patpi 13,366 Reputation points Microsoft Employee Moderator
    2022-03-17T01:08:05.38+00:00

    Hello @Uday Kiran Reddy (ureddy) ,
    It seems one character is missing in your SP value?
    As per your commands above:
    az aks show -g devtest-large -n devtest-large-cluster --query addonProfiles.azureKeyvaultSecretsProvider.identity.clientId -o tsv
    Returned: 9d0d9e08-a9f2-4085-a9d2-d61ae7624943

    But in the next command (the first number '9' is missing in the spn below):

    az keyvault set-policy -n devtest-large-keyvault --key-permissions get --spn d0d9e08-a9f2-4085-a9d2-d61ae7624943

    Overall command would be:

    az keyvault set-policy -n devtest-large-keyvault --key-permissions get --spn 9d0d9e08-a9f2-4085-a9d2-d61ae7624943

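    The transcription slip above is easy to make when copying a GUID by hand. As an added example (not from the thread, and not Microsoft's own code), the script below pipes the clientId from `az aks show` straight into `az keyvault set-policy`, rejects any value that is not a well-formed GUID before touching the vault policy, and grants only secret `get` (the permission the Secrets Store CSI driver needs to read secrets; add key or certificate permissions only if your SecretProviderClass uses them). The resource group, cluster and vault names are the ones quoted in the question.

```shell
#!/usr/bin/env sh
# Added example: fetch the Secrets Store CSI addon identity's clientId,
# sanity-check it, then grant least-privilege access on the vault.
set -eu

RG="devtest-large"
CLUSTER="devtest-large-cluster"
VAULT="devtest-large-keyvault"

# A clientId is a GUID: 8-4-4-4-12 hex digits. The failing command in the
# question passed a 35-character value (leading '9' dropped); this check
# rejects such a value before any policy change is attempted.
is_guid() {
    printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

grant_csi_identity_access() {
    client_id=$(az aks show -g "$RG" -n "$CLUSTER" \
        --query addonProfiles.azureKeyvaultSecretsProvider.identity.clientId -o tsv)
    if ! is_guid "$client_id"; then
        echo "unexpected clientId value: '$client_id'" >&2
        return 1
    fi
    # Least privilege: the driver only reads secrets, so grant 'get' on secrets.
    az keyvault set-policy -n "$VAULT" --secret-permissions get --spn "$client_id"
}

# Only run the az commands when explicitly requested, so the file can be
# sourced to reuse is_guid without needing an Azure login.
if [ "${GRANT_ACCESS:-0}" = "1" ]; then
    grant_csi_identity_access
fi
```

Run it with `GRANT_ACCESS=1 sh grant.sh` after `az login`; the policy step is skipped entirely if the clientId does not parse as a GUID.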
