@VD , Thanks for reaching out.
An AccessToken must be obtained with appropriate audience as shown below in scope for Key Vault:
scope : https://vault.azure.net/.default
An easy way to check if the same AccessToken can be used, go to https://jwt.ms/ and decode token which obtained for DB connection and verify token was acquired for vault.azure.net audience as shown below, if not then obtain a new token by using ClientSecretCredential (Azure.Identity).
------------------------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.