Jelle Ooms

Reputation: 11

Users of PowerApp can't get secret from Azure Key Vault (through Power Automate)

For an Azure Key Vault connection in Power Automate I am using an app registration. Users of a PowerApp I made can't seem to get secrets from the Azure Key Vault unless I give them access to the Key Vault. I was hoping adding the users to the access policies in the Key Vault would be enough. Is there a way to let users get secrets in a PowerApp (through Power Automate) without giving them full access to the Key Vault?

I am trying to do something similar to this

Upvotes: 1

Views: 1177

Answers (1)

Heath

Reputation: 3311

You could grant them the "get" permission only on secrets:

az keyvault set-policy --name myvault --secret-permissions get --upn <user ID/email>

However, a better approach might be to run your application as a service principal (or have a middleware service that does - it really depends on why users need access to the secrets) and have it contact Key Vault directly. That service principal should be given minimal rights - basically the same command as above, except using --spn instead of --upn.

Upvotes: 0
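
A way to check the "minimal rights" advice in the answer above, added here as an example and not part of the original answer: it audits a vault's access policies and reports every principal that holds more than `get` on secrets. It assumes the JSON shape returned by `az keyvault show --name myvault --query properties.accessPolicies`; the sample data, object IDs and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by:
#   az keyvault show --name myvault --query properties.accessPolicies
# Object IDs are made-up placeholders, not real principals.
SAMPLE_POLICIES = json.loads("""
[
  {"objectId": "00000000-0000-0000-0000-00000000aaaa",
   "permissions": {"keys": [], "secrets": ["get"], "certificates": []}},
  {"objectId": "00000000-0000-0000-0000-00000000bbbb",
   "permissions": {"keys": ["get", "list"],
                   "secrets": ["Get", "List", "Set", "Delete"],
                   "certificates": null}},
  {"objectId": "00000000-0000-0000-0000-00000000cccc",
   "permissions": {"secrets": ["all"]}}
]
""")

# The minimal grant from the answer: only "get" on secrets, nothing else.
ALLOWED = {"secrets": {"get"}}


def excess_permissions(policy, allowed=ALLOWED):
    """Return {category: sorted extra permissions} beyond the allowed set."""
    extra = {}
    for category, perms in (policy.get("permissions") or {}).items():
        # Permission names can differ in case; a null list means none granted.
        granted = {p.lower() for p in (perms or [])}
        over = granted - allowed.get(category, set())
        if over:
            extra[category] = sorted(over)
    return extra


def audit(policies, allowed=ALLOWED):
    """Map objectId -> excess permissions for every over-privileged entry."""
    findings = {}
    for policy in policies:
        over = excess_permissions(policy, allowed)
        if over:
            findings[policy.get("objectId", "<unknown>")] = over
    return findings


if __name__ == "__main__":
    for object_id, over in audit(SAMPLE_POLICIES).items():
        print(f"{object_id}: exceeds secrets-get-only -> {over}")
```

To run it against a real vault, save the output of the `az keyvault show` query to a file and pass the parsed list to `audit()` instead of the sample.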
