question

HanamantSMalakagond-5340 avatar image
0 Votes"
HanamantSMalakagond-5340 asked SumanthMarigowda-MSFT commented

Error while creating the storage account

I have existing Subscription(AAA) ,Keyvault(BBB) - created new KEY (CCC) for keyvault BBB .
I have created managed identity(DDD) and assigned Owner role for subscription(AAA) and administrative privilege's to the keyvault(BBB).
I am creating new storage account with Encryption type as "Customer-Managed keys(CMK)"& selected keyvault BBB & key CCC for "Keyvault and key" option & selected Managed identity (DDD) for user assigned identity.
When I click on create i am getting "The operation failed because of authentication issue on the keyvault" error message anything missing here ?

azure-storage-accountsazure-key-vault
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SumanthMarigowda-MSFT avatar image
0 Votes"
SumanthMarigowda-MSFT answered SumanthMarigowda-MSFT commented

@HanamantSMalakagond-5340 Welcome to Microsoft Q&A Forum, Thank you for posting your query here.

For better understanding the issue: can you please provide the more information on your query.

  • Can you please share the screenshot of the error message?

  • I assume you are creating the azure storage account through Portal am correct? (ARM, Powershell, CLI and more)?

  • Can you also check have provided Azure Storage contributor role access in Access control (I AM) *([Key vault )][2]

Please refer to this thread, which provides some idea on your query

How-to use customer-managed keys with Azure Key Vault and Azure Storage encryption using ARM Template

Key Vault :RBAC permission model will not work with CMK for storage account encryption. The recommendation is to make use of the Access Policies permission model

Looking forward for your reply


Please do not forget to 200693-screenshot-2021-12-10-121802.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


[2]: https://docs.microsoft.com/en-us/azure/key-vault/general/security-features


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I Didn't added access policies for my user managed identity so that's what causing this problem. Post providing the access it's resolved thank you.

0 Votes 0 ·
SumanthMarigowda-MSFT avatar image SumanthMarigowda-MSFT HanamantSMalakagond-5340 ·

@HanamantSMalakagond-5340 Glad to know that issue got resolved, can you Please do not forget to 202279-screenshot-2021-12-10-121802.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.



0 Votes 0 ·