Azure KeyVault Extension for PowerShell Secret Management requires Azure Resource Read Permission to create Secrets. #17712
Comments
I am also having this issue.
Perhaps @SteveL-MSFT can provide some insight?
Hi @bebravosch, seems like this is an issue from PowerShell Secret Management. It should be
Otherwise, this command always checks whether the secret exists before writing the secret. Could you provide HTTP payload by setting
@BethanyZhou running $DebugPreference = "Continue" before executing the commands returns nothing. Here is the output for when I attempted to run it. At the bottom is the command to create the Secret.

```
PS C:\WINDOWS\system32> $DebugPreference = "Continue"

Name     ModuleName  IsDefaultVault
MyKVTest Az.KeyVault False

PS C:\WINDOWS\system32> Connect-AzAccount
```
Hi @bebravosch, thanks for your quick response. What's the http request and response of running? It's important information for us.
It will be available on April 26. Close it now.
Description
When a user tries to create a Secret in KeyVault using the PowerShell Secret Management, it fails if the user doesn't have Read Role Assignment over the Azure Resource in addition to KeyVault Access Policy Secret permission. Creating the Secret using the Az.KeyVault Set-AzKeyVaultSecret cmdlet works without needing this Read Role Assignment over the Azure Resource. Once Read Role Assignment has been provided, the user is able to create the secret using the Secret Management Extension. Other actions such as Get-Secret work without this Role Assignment.
Issue script & Debug output
Environment data
Module versions
Error output