Set-AzKeyVaultSecret: Operation returned an invalid status code 'Forbidden'

AJ 20 Reputation points
2024-05-17T19:57:12.7166667+00:00

Hello,

I'm following this tutorial, https://learn.microsoft.com/en-us/training/modules/manage-deployments-advanced-arm-template-features/5-secure-parameters-exercise?pivots=powershell

Exercise - Manage secrets in your ARM template (Step 5 of 11).

When I run this command,

$secret = Set-AzKeyVaultSecret -VaultName $KVNAME -Name vmPassword -SecretValue $secretSecureString

I keep receiving this error message:

Set-AzKeyVaultSecret: Operation returned an invalid status code 'Forbidden'
Code: Forbidden

Message: Caller is not authorized to perform action on resource.
If role assignments, deny assignments or role definitions were changed recently, please observe propagation time.

Caller: appid=1950a258-227b-4e31-a9cf-717495945fc2;oid=659d6d0f-5e65-4d1c-adc0-4e5e67ec01d6;iss=https://sts.windows.net/604c1504-c6a3-4080-81aa-b33091104187/

Action: 'Microsoft.KeyVault/vaults/secrets/setSecret/action'

Resource: '/subscriptions/98c352d6-87e8-4a90-a2bb-2aef2de263c2/resourcegroups/learn-6eb2df08-bb1b-4d1a-8177-0d624481ac2b/providers/microsoft.keyvault/vaults/tailwind-secrets806093/secrets/vmpassword'

Assignment: (not found)

DenyAssignmentId: null

DecisionReason: null 

Vault: tailwind-secrets806093;location=westus

What am I doing wrong? I followed the exact instructions in the exercise.

This question is related to the following Learning Module

Azure Training

Accepted answer
  1. SiddeshTN 2,945 Reputation points Microsoft Vendor
    2024-05-18T05:18:55.9666667+00:00

    Hi Andrew Aran,

    Thank you for reaching out to Microsoft Q & A forum.

    It seems like you are facing an issue with Set-AzKeyVaultSecret. The error message "Operation returned an invalid status code 'Forbidden'" indicates that the operation you are trying to perform is not authorized.

    This could be due to incorrect credentials or insufficient permissions.

    To resolve this issue, you can try the following steps:

    1. Check if you have provided the correct credentials for your account. Make sure that the account name and key are correct.

    2. Verify that you have sufficient permissions to perform the operation. You can check the role-based access control (RBAC) settings for your account to ensure that you have the necessary permissions.

    3. Check if there are any network or firewall issues that might be blocking the request. You can try to access from a different network or machine to see if the issue persists.

    Please see: Assign a Key Vault access policy (legacy): https://go.microsoft.com/fwlink/?linkid=2125287

    After updating permission, you were able to access the Key Vault without any authorization error.

    If you have any other questions or are still running into more issues, please let me know.

    If you've found the provided answer helpful, please click the "Upvote" button. This will be beneficial to other members of the Microsoft Q&A forum community.

    Thank you.

    1 person found this answer helpful.
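
An added example, not part of the question or the accepted answer: one way to work through the permission check from step 2 for this exact error, by reading the caller and action out of the Forbidden text and then checking which permission model the vault uses before granting the narrowest secret-write access. It assumes the Az.KeyVault and Az.Resources modules, a signed-in session, and the tutorial's $KVNAME variable; the function name Get-KeyVaultDenial is hypothetical.

```powershell
# Added example. Assumes Connect-AzAccount has been run and $KVNAME holds the vault name.
# Denial text copied from the error in the question (Caller, Action and Assignment lines).
$denial = @'
Caller: appid=1950a258-227b-4e31-a9cf-717495945fc2;oid=659d6d0f-5e65-4d1c-adc0-4e5e67ec01d6;iss=https://sts.windows.net/604c1504-c6a3-4080-81aa-b33091104187/
Action: 'Microsoft.KeyVault/vaults/secrets/setSecret/action'
Assignment: (not found)
'@

function Get-KeyVaultDenial {   # hypothetical helper name
    param([string]$Text)
    # Extract the fields reported in the Forbidden message.
    [pscustomobject]@{
        ObjectId   = if ($Text -match 'oid=([0-9a-fA-F-]{36})') { $Matches[1] }
        Action     = if ($Text -match "Action:\s*'([^']+)'")    { $Matches[1] }
        Assignment = if ($Text -match 'Assignment:\s*(.+)')     { $Matches[1].Trim() }
    }
}

$d     = Get-KeyVaultDenial -Text $denial
$vault = Get-AzKeyVault -VaultName $KVNAME
$d | Format-List

if ($vault.EnableRbacAuthorization) {
    # Azure RBAC model: vault access policies are not evaluated.
    # List the caller's direct role assignments at the vault scope and above.
    $roles = Get-AzRoleAssignment -ObjectId $d.ObjectId -Scope $vault.ResourceId
    $roles | Select-Object RoleDefinitionName, Scope

    # Only two built-in roles are checked here; a custom role could also carry the action.
    if (-not ($roles.RoleDefinitionName -match '^Key Vault (Administrator|Secrets Officer)$')) {
        # Scoped to this vault only. Creating the assignment itself requires
        # Owner or User Access Administrator on that scope.
        New-AzRoleAssignment -ObjectId $d.ObjectId `
            -RoleDefinitionName 'Key Vault Secrets Officer' -Scope $vault.ResourceId
    }
} else {
    # Access-policy model (the legacy page linked in the answer).
    $vault.AccessPolicies | Where-Object ObjectId -eq $d.ObjectId |
        Select-Object ObjectId, PermissionsToSecrets
    Set-AzKeyVaultAccessPolicy -VaultName $KVNAME -ObjectId $d.ObjectId `
        -PermissionsToSecrets set,get,list
}
```

As the error text itself notes, a new role assignment can take some time to propagate before Set-AzKeyVaultSecret succeeds.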
