
I am creating an Azure Key Vault with a Cognitive Service and Key Vault. I put the key of the Cognitive Service in a Key Vault secret and I want to recover this key using application settings.

Therefore, my app is unable to resolve the secret. All communication passes through a private endpoint and VNet integration.

I followed all the steps in this article:

https://azure.github.io/AppService/2021/04/22/Site-with-secure-backend-communication.html#getting-started

Can someone help me?

Regards

1 Answer

The error means the managed identity of your web app does not have permission to access the Key Vault secret. If you create the Key Vault with the Azure CLI as in the blog, make sure you use the `--enable-rbac-authorization` parameter.

```
az keyvault create --resource-group securebackendsetup --name securekeyvault2021 --location westeurope --sku standard --enable-rbac-authorization
```

And make sure you have assigned the Key Vault Secrets User role to the managed identity.

```
az webapp identity assign --resource-group securebackendsetup --name securebackend2021 --scope $kv_resource_id --role "Key Vault Secrets User"
```

If you are using a Key Vault created before, make sure Azure role-based access control is selected in the Key Vault in the portal.

Then assign the managed identity of the web app to the Key Vault with the Key Vault Secrets User role. You can find the `<managed-identity-objectId>` in your web app -> Identity in the portal.

```
az role assignment create --role "Key Vault Secrets User" --assignee-object-id <managed-identity-objectId> --scope $kv_resource_id
```
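
The two conditions in the answer above (vault in RBAC mode, secret-read role on the web app's identity at a scope covering the vault) can be checked offline from saved `az keyvault show` and `az role assignment list` JSON. This is an added example, not part of the original answer; the subscription ID, principal ID, helper names and sample records are constructed placeholders.

```python
# Built-in roles whose data actions include reading secret values.
SECRET_READ_ROLES = {"Key Vault Secrets User", "Key Vault Secrets Officer",
                     "Key Vault Administrator"}
NO_RBAC = "vault uses access policies; role assignments are ignored"
NO_ROLE = "no secret-read role assigned at or above the vault scope"

# Constructed sample data shaped like the az CLI JSON output (placeholder IDs).
RG_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000"
         "/resourceGroups/securebackendsetup")
VAULT_ID = RG_ID + "/providers/Microsoft.KeyVault/vaults/securekeyvault2021"
APP_PRINCIPAL = "11111111-1111-1111-1111-111111111111"
VAULT_RBAC = {"id": VAULT_ID, "properties": {"enableRbacAuthorization": True}}
VAULT_POLICY = {"id": VAULT_ID, "properties": {"enableRbacAuthorization": False}}


def assignment(role, scope, principal=APP_PRINCIPAL):
    """Build one record in the shape of `az role assignment list` (hypothetical helper)."""
    return {"principalId": principal, "roleDefinitionName": role, "scope": scope}


def scope_covers(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id`.

    Resource IDs are case-insensitive; the match must end on a path
    segment so '.../vaults/kv' does not cover '.../vaults/kv2021'.
    """
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")


def diagnose(vault, assignments, principal_id):
    """Return the reasons the identity cannot read secrets (empty list = OK)."""
    problems = []
    if not vault.get("properties", {}).get("enableRbacAuthorization"):
        problems.append(NO_RBAC)
    granted = any(
        a.get("principalId") == principal_id
        and a.get("roleDefinitionName") in SECRET_READ_ROLES
        and a.get("scope") and scope_covers(a["scope"], vault["id"])
        for a in assignments)
    if not granted:
        problems.append(NO_ROLE)
    return problems


if __name__ == "__main__":
    print(diagnose(VAULT_POLICY, [assignment("Reader", RG_ID)], APP_PRINCIPAL))
```
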