Not able to access Azure Key Vault from ADF

sachin gupta 376 Reputation points
2021-09-17T03:31:05.607+00:00

Hello,

I have created a Key Vault and a Secret token. Provided access policies to the ADF Managed Identity principal.
Now in ADF, when I try to connect to Key Vault using a Web Activity, I am getting the below error:

Get access token from MSI failed for Datafactory ADF-INF, region eu. Please verify resource url is valid and retry. Details: Failed to get MI access token. The error message is: Acquire MI token from AAD failed. ErrorCode: invalid_resource, Message: AADSTS500011: The resource principal named https://kv-xxx.vault.azure.net/ was not found in the tenant named 843e946b-e615-4940-xxxx-xxxx3f7f1353. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 0c5e5a32-6211-46b4-bc12-565240831d00 Correlation ID: fc1b8ec5-c055-4b94-a5ec-0e8d40748f54 Timestamp: 2021-09-17 03:20:55Z.

I did not understand what the issue is. Can someone please help me on this issue?

Thanks


Accepted answer
  1. Saurabh Sharma 23,751 Reputation points Microsoft Employee
    2021-09-17T22:16:55.943+00:00

    Hi @sachin gupta ,

    Thanks for using Microsoft Q&A !!
    I believe you are not passing the correct Resource value to the web activity. You need to pass https://vault.azure.net instead of passing your actual key vault name, e.g. https://kv-xxx.vault.azure.net/. I have checked it on my end and it works fine. Please find the below gif for your reference, where I have used the Get Keyvault Secrets REST API using Managed Identity.
    133245-webactivityusingmanagedidentity.gif

    Please let me know if you have any questions.

    Thanks
    Saurabh

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
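
The resource mismatch described in this answer can be caught before deployment. The following is an added example, not part of the original thread or of any Microsoft tooling: a small Python check over an exported pipeline definition that flags Web activities calling a vault URL with a managed-identity `resource` other than the Key Vault audience. It assumes the usual exported pipeline layout (`properties.activities[].typeProperties.authentication`), the public-cloud audience host, and top-level activities only; the function names, activity names and secret name are hypothetical.

```python
import json
from urllib.parse import urlparse

KV_AUDIENCE_HOST = "vault.azure.net"  # Key Vault token audience host (public cloud)

# Constructed sample pipeline; activity names, secret name and api-version are placeholders.
SAMPLE_PIPELINE = json.loads("""
{"name": "pl_example", "properties": {"activities": [
  {"name": "GetSecretBroken", "type": "WebActivity", "typeProperties": {
    "url": "https://kv-xxx.vault.azure.net/secrets/example-secret?api-version=7.0",
    "method": "GET",
    "authentication": {"type": "MSI", "resource": "https://kv-xxx.vault.azure.net/"}}},
  {"name": "GetSecretFixed", "type": "WebActivity", "typeProperties": {
    "url": {"value": "https://kv-xxx.vault.azure.net/secrets/example-secret?api-version=7.0",
            "type": "Expression"},
    "method": "GET",
    "authentication": {"type": "MSI", "resource": "https://vault.azure.net"}}}
]}}
""")

def _host(value):
    """Lower-cased host of a URL given as a string or an ADF expression object."""
    if isinstance(value, dict):
        value = value.get("value", "")
    return (urlparse(str(value or "")).hostname or "").lower()

def check_keyvault_web_activities(pipeline):
    """Return (activity name, problem) for MSI-authenticated Web activities that
    call a vault but request a token for something other than the service audience."""
    findings = []
    for act in pipeline.get("properties", {}).get("activities", []):
        if act.get("type") != "WebActivity":
            continue
        props = act.get("typeProperties", {})
        if not _host(props.get("url")).endswith("." + KV_AUDIENCE_HOST):
            continue  # not a Key Vault data-plane call
        auth = props.get("authentication") or {}
        if auth.get("type") != "MSI":
            continue  # only the managed-identity case from the thread is checked
        res_host = _host(auth.get("resource"))
        if res_host != KV_AUDIENCE_HOST:
            findings.append((act.get("name", "?"),
                f"resource host '{res_host}' is not '{KV_AUDIENCE_HOST}'; "
                "token request fails with AADSTS500011"))
    return findings

if __name__ == "__main__":
    for name, problem in check_keyvault_web_activities(SAMPLE_PIPELINE):
        print(f"{name}: {problem}")
```

The request URL still names the specific vault; only the token audience in `authentication.resource` is the shared service value.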


1 additional answer

  1. sachin gupta 376 Reputation points
    2021-09-18T01:00:44.403+00:00

    @Saurabh Sharma .... Hello, you can ignore my comment for another issue. I am able to fix it.