stackoom
  简体   繁体   中英

Azure Devops - enable access to keyvault

 原文  2020-05-12 17:07:09       azure/ key/ terraform/ devops

Question

I'm using the Microsoft Extension to access KeyVaults from Azure DevOps to fetch a secret from the vault. I'm getting this error message which appears to say that I need to allow rights the Azure Devops agent access to the keyvault. "Could not fetch access token for Managed Service Principal. Please configure Managed Service Identity (MSI) for virtual machine ' https://aka.ms/azure-msi-docs '. Status code: 400, status message: Bad Request""

I have this running on a separate test subscription where the AzureDevOps account has contributor access under Role Assignments, same on the PROD subscription where the error message is coming up.

Any insights would be greatly appreciated.

THanks,

1 answers

solution1
 0 ACCPTED  2020-05-18 20:54:29

This seems to be an issue with Azure keyvaults defined with service endpoints. As Azure DevOps is not a trusted service it does not have access to the endpoint. The workaround is to whitelist the ip of the agent right from the pipeline, removing it after you've obtained the secrets(figuring out how to do this now). This is referenced in here and here

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Unable to access keyvault from Azure DevOps from a different resource description Azure ARM template keyvault override in Azure DevOps Azure KeyVault: SPN KeyVault Access Denied How to get keyvault secret output in Azure DevOps Azure DevOps CI Pipeline for Function with KeyVault integration How link Azure Devops Library to KeyVault Apparent delay in Azure KeyVault access Azure Keyvault 'unknown' access policy Token Refresh to Azure KeyVault Access Add/get secret to Azure Keyvault with Azure powershell task in Azure devops
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM