Azure Keyvault 本地问题

Question

I've been using Keyvault for a while with Managed Identity. But for this project I'm getting weird results when developing locally.

For some reason, if I do not have ExcludeManagedIdentityCredential = true, when developing on my local machine, it throws an error and will not get a secret. If I add that flag, it uses my visual studio credentials like it is supposed to.

Very confused why I would have to add that flag as I never have before.

    using AzureEventSourceListener listener = AzureEventSourceListener.CreateConsoleLogger();

    DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
    {
        Diagnostics =
            {
                LoggedHeaderNames = { "x-ms-request-id" },
                LoggedQueryParameters = { "api-version" },
                IsLoggingContentEnabled = true,
                IsAccountIdentifierLoggingEnabled = true,

            },
            ExcludeManagedIdentityCredential = true
    };
    var client = new SecretClient(new Uri(xxx), new DefaultAzureCredential(options));

Error:

Not sure why it is even trying managed identity locally, and why it doesn't fail and continue to use visual studio identity.

Summary: Works fine in cloud, and works fine local when adding ExcludeManagedidentityCredential = true. Not sure why I need that flag locally.

Answer 1

I think this is your problem: https://github.com/Azure/azure-sdk-for.net/issues/28218

Try downgrading Azure.Identity to 1.4 (if possible) to see if the problem continues to reproduce.

Answer 2

You must assign a Key Vault access policy for the user logged in Visual Studio. Please see: Assign a Key Vault access policy , but on the step with "Select principal*" select the user instead of an app managed identity

Answer 3

Did you always set this to true?

IsAccountIdentifierLoggingEnabled = true

Set the above to false and see if it works locally without need for setting ExcludeManagedIdentityCredential to true.