I am trying to read Key Vault secrets from a DevOps pipeline. After granting the Service Connection access to Key Vault, I am still getting the error below while reading Key Vault secrets from DevOps:
Downloading secrets using: https://xx-xx-xx-kv-sit.vault.azure.net/secrets?maxresults=25&api-version=2016-10-01.
##[error] Get secrets failed.
Error: Client address is not authorized and caller is not a trusted service.
Client address: xx.xx.x1.1xx
The Key Vault firewall is set up to allow traffic through selected networks, which is VNET xx-xx-vnet-01-np.
If I change it to All Networks, it works fine.
If I need DevOps to go through the above VNET, where do I configure that?
If you're using a private agent, you'll need to add the subnet containing your private agent to the list of allowed subnets.
If you're using a Microsoft-hosted agent, the best you can do is capture the agent's IP (using something like https://www.ipify.org/) and temporarily add it to the Key Vault's IP address whitelist. It's a pain.
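
The temporary allow-list step described in the answer above, as an added example that is not part of the original answer: it looks up the agent's public IP, adds it to the vault firewall, runs one command, and removes the rule again even if that command fails. The function names and `KV_RULE_WAIT` are hypothetical, and it assumes the Azure CLI is already logged in as an identity allowed to change the vault's network rules.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names and
# KV_RULE_WAIT are hypothetical; the vault name is supplied by the caller.

# Accept only a dotted-quad IPv4 address, so a proxy error page or any
# other unexpected response never reaches the az command line.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  ip_saved_ifs=$IFS; IFS=.
  set -- $1
  IFS=$ip_saved_ifs
  [ $# -eq 4 ] || return 1
  for ip_octet in "$@"; do
    [ "${#ip_octet}" -le 3 ] && [ "$ip_octet" -le 255 ] || return 1
  done
}

# Public address this agent egresses from, via ipify's plain-text endpoint.
agent_public_ip() {
  curl -fsS --max-time 10 https://api.ipify.org
}

# with_kv_access <vault-name> <command...>
# Allow the agent's IP, run the command, then remove the rule again whether
# or not the command succeeded. Returns the command's exit status.
with_kv_access() {
  kv_vault=$1; shift
  kv_ip=$(agent_public_ip) || { echo "cannot determine agent IP" >&2; return 1; }
  is_ipv4 "$kv_ip" || { echo "unexpected reply from IP service" >&2; return 1; }
  az keyvault network-rule add --name "$kv_vault" \
    --ip-address "$kv_ip/32" >/dev/null || return 1
  # Assumption: the new rule may need a moment to apply; tune as needed.
  sleep "${KV_RULE_WAIT:-30}"
  kv_rc=0
  "$@" || kv_rc=$?
  az keyvault network-rule remove --name "$kv_vault" \
    --ip-address "$kv_ip/32" >/dev/null || {
      echo "WARNING: $kv_ip/32 is still allowed on $kv_vault" >&2
      return 1
    }
  return "$kv_rc"
}

# Pipeline usage (vault name is a placeholder):
#   with_kv_access <vault-name> az keyvault secret list --vault-name <vault-name>
```

If the remove step reports a warning, the agent's address is still on the allow list and should be removed by hand, since Microsoft-hosted agent addresses are shared and reused.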