...
In Azure Key Vault, the user assigned identity has to be assigned the "Key Vault Secrets User". See the following example on how this can be done.
If the assigment was done correctly, it should look similar to this:
If not correctly assigned, you will get an error like:
| Code Block |
|---|
"{"error":{"code":"Forbidden","message":"Caller is not authorized to perform action on resource.\r\nIf role assignments, deny assignments or role definitions were changed recently, please observe propagation time.\r\nCaller: appid=09325589-1bbf-4b3c-bce5-77ca17486d10;oid=d7bd2904-54bb-480c-8019-20fcf772cd1c;iss=https://sts.windows.net/15f3fe0e-d712-4981-bc7c-fe949af215bb/\r\nAction: 'Microsoft.KeyVault/vaults/secrets/getSecret/action'\r\nResource: '/subscriptions/697b5160-f2bb-46a0-aec8-30a32e201ddd/resourcegroups/fews-fss-scaling/providers/microsoft.keyvault/vaults/fews-fss-scaling-kv/secrets/databaseurlwithusernameandpassword'\r\nAssignment: (not found)\r\nDenyAssignmentId: null\r\nDecisionReason: 'DeniedWithNoValidRBAC' \r\nVault: fews-fss-scaling-kv;location=westeurope\r\n","innererror":{"code":"ForbiddenByRbac"}}}" at com.azure.core.implementation.http.rest.RestProxyBase.instantiateUnexpectedException:345 |
Configure Delft-FEWS Components to use Azure Key Vault
...