Encrypt existing storage account using customer managed key via ARM template

Anonymous
2022-09-06T07:50:17.843+00:00

Hi,

I'm using Azure Lighthouse and there is a limitation that we cannot perform data action via MSP credentials in customer subscription.
I have a requirement to encrypt Storage account with customer managed key via ARM Template.

I found some solution which shows to create storage account first and then encrypt however our requirement is to read existing storage account (created via MSP) and encrypt with CMK since we have setup ARM permission in KeyVault.

VM encryption is working fine via ARM and got stuck in storage account.

Thanks in advance..!

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,286 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,172 questions
{count} votes

1 answer

Sort by: Most helpful
  1. JamesTran-MSFT 36,626 Reputation points Microsoft Employee
    2022-09-22T18:16:26.227+00:00

    @RakeshSharma-8583
    Thank you for your time and patience on this!

    From your screenshot, can open the Failed to grant access to Key Vault message and see if there's a full error message?
    243889-image.png

    You can also try to get the full error message by Collecting a network trace with Fiddler, or by using the built-in network trace feature in your browser. Please keep in mind that a network trace contains the full contents of every message sent. Never post raw network traces from production apps to public forums.

    A key thing to look out for when using Fiddler or your browser is any 401, 403, or 429 error codes that you might be getting when trying to grant access to the Key Vault.

    Additional Link:
    Common error codes for Azure Key Vault

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.