Bharat

Reputation: 129

In Azure Key Vault, when I try through the REST API to create a new vault and grant a particular application access to it, why isn't access provided?

I have used the Azure Key Vault REST API via the "Try it" option on this page:

https://learn.microsoft.com/en-us/rest/api/keyvault/vaults/createorupdate#uri-parameters.

I logged in as a user. Using this API I am trying to create a vault, and I have granted access to an application registered in the Azure portal under the same tenant.

The problem I am facing is that the vault is created and access is also granted to the application, but the type is not listed in the access policy for the application. If I create it using the portal, the type "Application" is shown. Because of that, I guess there is an access problem: when the application tries to access the vault, it gets access denied.

{
  "location": "East US",
  "properties": {
    "tenantId": "actualtenantid",
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "accessPolicies": [
      {
        "tenantId": "actualtenantid",
        "objectId": "objecidofappregistedinazureportal",
        "permissions": {
          "keys": [
            "encrypt",
            "decrypt",
            "wrapKey",
            "unwrapKey",
            "sign",
            "verify",
            "get",
            "list",
            "create",
            "update",
            "import",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "secrets": [
            "get",
            "list",
            "set",
            "delete",
            "backup",
            "restore",
            "recover",
            "purge"
          ],
          "certificates": [
            "get",
            "list",
            "delete",
            "create",
            "import",
            "update",
            "managecontacts",
            "getissuers",
            "listissuers",
            "setissuers",
            "deleteissuers",
            "manageissuers",
            "recover",
            "purge"
          ]
        }
      }
    ]
  }
}


Upvotes: 0

Views: 252

Answers (1)

Bharat

Reputation: 129

I have found the solution.

How do I fix an "Operation 'set' not allowed" error when creating an Azure KeyVault secret programmatically?

The issue was that I was using the object ID of the application as displayed in the portal under App registrations. But here, object ID refers to the object ID of the principal, not of the application.

Upvotes: 1
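The mix-up above (app registration object ID versus the service principal's object ID) is easy to catch before sending the request. The following Python is an added example, not code from the question or from Microsoft: it resolves the service principal object ID for an application (client) ID, builds the create/update body in the same shape as the one in the question, and audits every access policy `objectId` against a directory listing. The directory data is constructed to mimic the `id`/`appId` fields of Microsoft Graph `/applications` and `/servicePrincipals` responses; in a real run you would fetch `GET https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId eq '{appId}'` and use the returned `id`. The GUIDs and display name are placeholders.

```python
"""Build a Key Vault create/update body and verify that each access policy
objectId is a service principal object id, not an app registration object id.

Added example; directory data is constructed, not fetched from a tenant.
"""
import json

# Constructed sample directory. An app registration and its enterprise
# application (service principal) share the same appId but have different
# object ids. Only the service principal id is valid in an access policy.
SAMPLE_DIRECTORY = {
    "applications": [
        {
            "id": "11111111-1111-1111-1111-111111111111",  # app registration object id
            "appId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
            "displayName": "vault-client",
        }
    ],
    "servicePrincipals": [
        {
            "id": "22222222-2222-2222-2222-222222222222",  # service principal object id
            "appId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
            "displayName": "vault-client",
        }
    ],
}


def resolve_service_principal_object_id(app_id, directory):
    """Return the service principal object id for an application (client) id."""
    for sp in directory["servicePrincipals"]:
        if sp["appId"] == app_id:
            return sp["id"]
    raise LookupError(
        f"no service principal for appId {app_id}; the enterprise application "
        "may not have been created in this tenant yet"
    )


def build_vault_body(location, tenant_id, principal_object_id, permissions):
    """Request body for vaults/createOrUpdate with one access policy.

    Pass only the permissions the workload needs rather than the full list
    from the question; the policy is all-or-nothing per object id.
    """
    return {
        "location": location,
        "properties": {
            "tenantId": tenant_id,
            "sku": {"family": "A", "name": "standard"},
            "accessPolicies": [
                {
                    "tenantId": tenant_id,
                    "objectId": principal_object_id,
                    "permissions": permissions,
                }
            ],
        },
    }


def audit_access_policies(body, directory):
    """Return a list of findings for objectIds that are app registrations
    or that are not known service principals. Users and groups are also
    valid objectIds in real tenants, so unknown ids are reported, not rejected."""
    app_ids = {a["id"] for a in directory["applications"]}
    sp_ids = {s["id"] for s in directory["servicePrincipals"]}
    findings = []
    for policy in body["properties"]["accessPolicies"]:
        oid = policy["objectId"]
        if oid in app_ids:
            findings.append(f"{oid} is an app registration object id; use the service principal id")
        elif oid not in sp_ids:
            findings.append(f"{oid} is not a known service principal; verify it is a user or group")
    return findings


if __name__ == "__main__":
    app_id = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"  # placeholder client id
    tenant = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id
    least_privilege = {"secrets": ["get", "list"]}

    # The mistake from the question: app registration object id in the policy.
    wrong = build_vault_body("East US", tenant, SAMPLE_DIRECTORY["applications"][0]["id"], least_privilege)
    print("findings (wrong id):", audit_access_policies(wrong, SAMPLE_DIRECTORY))

    # The fix: resolve the service principal id from the client id first.
    sp_oid = resolve_service_principal_object_id(app_id, SAMPLE_DIRECTORY)
    right = build_vault_body("East US", tenant, sp_oid, least_privilege)
    print("findings (correct id):", audit_access_policies(right, SAMPLE_DIRECTORY))
    print(json.dumps(right, indent=2))
```

The audit is the part worth keeping in a deployment pipeline: a policy whose `objectId` is an app registration is accepted by the API and appears in the vault, but no token will ever carry that id, which is why the application in the question got access denied.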
