I am trying to create a storage account with CMK and using a user-assigned managed identity. The Terraform script I am using looks correct, but running it throws this error and I am not sure why. The error message is not clear. I uploaded my tf file here for debugging.
If we assigned both "UserAssigned" and "SystemAssigned" as identities to a storage account, which one is used for performing the encryption? What is the use of having both types of identities assigned to a storage account encryption?
If we assign a "UserAssigned" identity, then this identity should have access to get/wrap/unwrap the encryption key from the vault (through vault policies). Is this enough for this use case? Is there any additional permission given to the storage account?
I have the same issue; the only difference is I am using a system-assigned identity, and on the key vault, access is through RBAC. The key vault key officer role is granted to the system-managed identity, which is verified too.
It is not yet solved.
I'm having the same issue; has there been any movement on this?