
Read Keyvault secrets from DevOps Pipeline

I'm trying to read Key Vault from a DevOps pipeline. After granting the Service Connection access to Key Vault, I'm still getting the below error while reading Key Vault secrets from DevOps:

Downloading secrets using: https://xx-xx-xx-kv-sit.vault.azure.net/secrets?maxresults=25&api-version=2016-10-01. 
##[error] Get secrets failed. 
Error: Client address is not authorized and caller is not a trusted service. 
Client address: xx.xx.x1.1xx


The Key Vault firewall is set up to allow traffic through selected networks, which is VNET xx-xx-vnet-01-np.

If I change it to All Networks, it works fine.

If I need DevOps to go through the above VNET, where do I configure that?

If you're using a private agent, you'll need to add the subnet containing your private agent to the list of allowed subnets.

If you're using a Microsoft-hosted agent, the best you can do is capture the agent's IP (using something like https://www.ipify.org/ ) and temporarily add it to the keyvault's IP address whitelist. It's a pain.
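
The temporary allow-list approach from the answer above, as an added example that is not part of the original post: it looks up the agent's outbound IP, validates it, adds it to the Key Vault firewall as a /32, runs one command, and removes the rule again even if that command fails. It assumes the step runs with the Azure CLI already logged in as the service connection (for example inside an AzureCLI task) and that this identity is allowed to change the vault's network rules; the function names and the use of ipify's api.ipify.org endpoint are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# Accept only a dotted-quad IPv4 address, so an error page or other unexpected
# response from the lookup service never ends up in a firewall rule.
is_ipv4() {
  local old_ifs octet
  case $1 in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; input holds only digits and dots here
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Ask ipify (the service named in the answer) for this agent's outbound IP.
agent_public_ip() {
  curl --silent --fail --max-time 10 https://api.ipify.org
}

# Usage: with_temp_kv_rule <vault-name> <command> [args...]
with_temp_kv_rule() {
  local vault ip rc
  vault=$1; shift
  ip=$(agent_public_ip) || { echo "could not determine agent IP" >&2; return 1; }
  is_ipv4 "$ip" || { echo "unexpected IP value: $ip" >&2; return 1; }

  az keyvault network-rule add --name "$vault" \
     --ip-address "$ip/32" --output none || return 1

  rc=0
  "$@" || rc=$?        # keep the exit code, but do not stop before cleanup

  # Remove the rule whether or not the command succeeded.
  az keyvault network-rule remove --name "$vault" \
     --ip-address "$ip/32" --output none ||
    { echo "WARNING: $ip/32 was not removed from $vault" >&2; return 1; }
  return "$rc"
}

# Example call inside a pipeline step:
#   with_temp_kv_rule xx-xx-xx-kv-sit az keyvault secret list --vault-name xx-xx-xx-kv-sit
```

If the job is cancelled between the add and the remove, the rule stays in place, so the vault's allowed IP list is worth reviewing periodically for leftover entries.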
