Hello Jérôme Piquot,
You are receiving this error because the required RBAC role has not been assigned to the Microsoft Azure App Service resource provider.
To allow the App Service to read the certificate from Key Vault, you need to authorize the App Service by assigning it the “Key Vault Certificates User” role. Once this role is assigned, the Key Vault will grant the App Service permission to read the certificate secret.
Please follow the steps below to resolve the issue:
Retrieve the Object ID of Microsoft Azure App Service:
- Sign in to the Azure portal.
- Navigate to Microsoft Entra ID > Enterprise applications.
- Remove the filter “Application type = Enterprise applications”.
- Search for “Microsoft Azure App Service”.
- Copy the Object ID shown for this application.
Note: The Object ID is unique to each tenant, although the App ID remains the same across all tenants.
Assign the Key Vault Certificates User role:
- Go to your Key Vault resource.
- Select Access control (IAM) > + Add > Add role assignment.
- Search for the role “Key Vault Certificates User” and click Next.
- Under the Members tab, select + Select members and paste the Object ID you copied earlier.
- Select the displayed application, then click Select > Review + Assign.
After the role assignment, the Microsoft Azure App Service will have the necessary permissions to use the Key Vault certificate.
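The same assignment can be scripted with the Azure CLI instead of clicked through the portal. The script below is an added example, not part of the original answer: it looks up the tenant-specific Object ID of the "Microsoft Azure App Service" service principal from its application ID, assigns the role at the Key Vault scope, and then lists the assignment so you can confirm it took effect. The application ID used here is the well-known first-party value that is the same in every tenant (cross-check it against the App ID shown on the Enterprise applications page); the subscription, resource group and vault names are placeholders passed as arguments, and the script assumes a logged-in Azure CLI with permission to create role assignments on the vault.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): grant the Microsoft Azure App Service
# service principal the "Key Vault Certificates User" role on one vault, then verify.
# Assumes: Azure CLI installed and logged in (az login) with rights to assign roles.
set -eu

# Well-known application (client) ID of the first-party "Microsoft Azure App Service" app.
# The App ID is identical in every tenant; the service principal's Object ID is not,
# which is why it is looked up below instead of hard-coded.
APP_SERVICE_APP_ID="abfa0a7c-a6b6-4736-8310-5855508787cd"
ROLE="Key Vault Certificates User"

# Build the ARM resource ID of the vault; pure string work, no network access.
# $1 subscription ID, $2 resource group, $3 vault name
vault_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.KeyVault/vaults/%s' "$1" "$2" "$3"
}

# Object IDs and App IDs are GUIDs; reject anything else before using it in a role assignment.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Resolve the tenant-specific Object ID of the App Service service principal.
# Note: recent Azure CLI versions return the object ID in the "id" field.
lookup_object_id() {
  az ad sp show --id "$APP_SERVICE_APP_ID" --query id -o tsv
}

# Create the role assignment at vault scope only (least privilege: not at the
# resource group or subscription).  $1 object ID, $2 scope
assign_role() {
  az role assignment create \
    --assignee-object-id "$1" \
    --assignee-principal-type ServicePrincipal \
    --role "$ROLE" \
    --scope "$2" -o none
}

# Print the matching role name if the assignment exists at that scope; empty output
# means it is missing (or has not propagated yet).  $1 object ID, $2 scope
verify_role() {
  az role assignment list --assignee "$1" --scope "$2" \
    --query "[?roleDefinitionName=='$ROLE'].roleDefinitionName" -o tsv
}

main() {
  local sub="${1:?subscription id}" rg="${2:?resource group}" vault="${3:?vault name}"
  command -v az >/dev/null 2>&1 || { echo "az CLI not found" >&2; exit 1; }
  local scope oid
  scope=$(vault_scope "$sub" "$rg" "$vault")
  oid=$(lookup_object_id)
  is_guid "$oid" || { echo "unexpected object id: $oid" >&2; exit 1; }
  assign_role "$oid" "$scope"
  # RBAC changes can take a few minutes to propagate; rerun verify_role if this prints nothing.
  verify_role "$oid" "$scope"
}

# Usage: ./grant-kv-cert-reader.sh <subscription-id> <resource-group> <vault-name>
if [ "$#" -gt 0 ]; then main "$@"; fi
```

If the vault still uses the legacy access-policy permission model rather than Azure RBAC, a role assignment has no effect; check the vault's "Access configuration" first and either switch it to RBAC or grant the service principal Get on secrets through an access policy instead.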