'Automation' is not listed as 'Azure Key Vault Trusted Services'

Vijay Ede 51 Reputation points
2022-03-22T06:20:44.22+00:00

While attempting to access Key Vault via an Azure Automation PowerShell runbook, the error is "Message: Client address is not authorized and caller is not a trusted service". How can an Azure Automation account/runbook be added as a trusted service to access Key Vault?


Accepted answer
  1. Prrudram-MSFT 23,211 Reputation points
    2022-03-22T08:58:52.903+00:00

    Hello @Anonymous ,

    Azure Automation is not part of Azure Key Vault's trusted services. Here's a list of trusted services that are allowed to access a key vault if the Allow trusted services option is enabled.

    overview-vnet-service-endpoints

    Hope this answers your question.
    (If the response was helpful please don't forget to upvote and accept as answer, thank you)


1 additional answer

  1. Ravi Kanth Koppala 3,231 Reputation points Microsoft Employee
    2022-03-22T06:35:34.16+00:00

    @Anonymous ,
    Thank you for reaching out to the Microsoft Q&A platform. Happy to answer your question.

    With the error shared, I feel your Azure Automation account is running on a system-assigned identity. Did you create the managed identity for the Azure Automation account? If yes, after generating the object ID, you can add the object ID to the key vault. The article below might assist you with how to use an Azure Automation account to access the key vault.

    https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-automation-accounts-key-stores/

    If the above solution doesn't work, please share more details about the problem so that I can help you.

    ----------

    Please "Accept as Answer" and Upvote if any of the above helped, so that it can help others in the community looking for remediation for similar issues.
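
The two checks discussed in the answers above, as an added PowerShell example that is not part of either answer: step 1 reads the vault's firewall settings that produce the "Client address is not authorized and caller is not a trusted service" rejection, and steps 2 and 3 show the object ID grant and the runbook-side read. The vault name, resource group, secret name and object ID are placeholders, and the vault is assumed to use the access policy permission model with the Az.Accounts and Az.KeyVault modules available.

```powershell
# Placeholder values (assumptions, not from the thread); replace with your own.
$vaultName     = 'contoso-kv'                              # hypothetical vault name
$resourceGroup = 'contoso-rg'                              # hypothetical resource group
$objectId      = '00000000-0000-0000-0000-000000000000'    # placeholder: object ID of the
                                                           # Automation account's managed identity

# 1. Inspect the vault firewall. The error in the question is raised here,
#    before any access policy is evaluated.
$vault = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroup
$acl   = $vault.NetworkAcls
[pscustomobject]@{
    DefaultAction   = $acl.DefaultAction                   # Deny = only listed IPs/VNets (plus bypass) are admitted
    Bypass          = $acl.Bypass                          # AzureServices = "Allow trusted services" is enabled
    AllowedIpRanges = $acl.IpAddressRanges -join ', '
    AllowedVNets    = $acl.VirtualNetworkResourceIds -join ', '
}

# 2. Grant the managed identity read-only access to secrets (least privilege:
#    no set/delete/purge, no key or certificate permissions).
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId `
    -PermissionsToSecrets get, list

# 3. Inside the runbook: sign in as the managed identity and read one secret.
#    Keep the value in a variable; do not write it to the job output stream.
Connect-AzAccount -Identity | Out-Null
$secret = Get-AzKeyVaultSecret -VaultName $vaultName -Name 'example-secret' -AsPlainText
```

The firewall check and the access policy are evaluated separately, so the output of step 1 shows whether the network rule is what rejects the runbook's call.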