user704772

Reputation: 319

Azure web app key vault exception when recycled

We have several ASP.NET Core web apps that use the Azure Key Vault.

This works well through all manual restarts, but when the web app is recycled automatically by Azure it does not start successfully due to a "KeyVaultErrorException: Client address is not authorized and caller is not a trusted service".

Restarting manually then works correctly. We have appinitialization turned on.

I realize that multiple instances would mitigate this, but how can we have the app successfully restart when recycled by Azure?

Edit: The key vault is set up using the "Add connected services" through Visual Studio 2019, via the Microsoft.AspNetCore.AzureKeyVault.HostingStartup package v2.0.4

Upvotes: 0

Views: 174

Answers (1)

Joy Wang

Reputation: 42123

Navigate to the Key Vault in the portal -> Networking, and make sure you select Allow access from All networks.

Or if you select the Private endpoint and selected networks, try to add all the Additional Outbound IP Addresses to the firewall.

Upvotes: 1
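
A check for the second option in the answer above, added here as an example (it is not part of the original answer): it compares a web app's possible outbound IPs with the vault's firewall rules and lists the addresses the firewall would reject. The JSON samples are constructed, and the field names assume the output shape of `az webapp show` and `az keyvault show`.

```python
import ipaddress
import json

# Constructed sample: the two IP fields assumed from `az webapp show` output.
WEBAPP = json.loads("""{
  "outboundIpAddresses": "203.0.113.10,203.0.113.11",
  "possibleOutboundIpAddresses":
    "203.0.113.10,203.0.113.11,198.51.100.7,198.51.100.8"
}""")

# Constructed sample: the firewall section assumed from `az keyvault show` output.
VAULT = json.loads("""{
  "properties": {"networkAcls": {
    "defaultAction": "Deny",
    "ipRules": [{"value": "203.0.113.10/32"},
                {"value": "203.0.113.11"},
                {"value": "198.51.100.8/30"}]
  }}
}""")


def split_ips(csv):
    """Parse the comma-separated IP string the web app resource exposes."""
    return [ipaddress.ip_address(p.strip()) for p in csv.split(",") if p.strip()]


def uncovered_outbound_ips(webapp, vault):
    """Return the possible outbound IPs that the vault firewall does not allow."""
    acls = (vault.get("properties") or {}).get("networkAcls") or {}
    # No ACLs, or defaultAction "Allow", corresponds to "All networks".
    if acls.get("defaultAction", "Allow") != "Deny":
        return []
    allowed = [ipaddress.ip_network(rule["value"], strict=False)
               for rule in acls.get("ipRules") or []]
    possible = split_ips(webapp.get("possibleOutboundIpAddresses", ""))
    return [str(ip) for ip in possible
            if not any(ip in net for net in allowed)]


if __name__ == "__main__":
    for ip in uncovered_outbound_ips(WEBAPP, VAULT):
        print("not in Key Vault firewall:", ip)
```
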