johnjohn-0472 asked SaurabhSharma-msft commented

Unable to create Azure Key Vault secret inside our Microsoft Partner centre. “The operation "Set" is not enabled in this key vault's access policy.”

We are managing our customers' Azure subscriptions using Microsoft Partner Center >> and using a username I created a new Azure Vault for a customer >> but when I tried to create a new Secret inside the Azure Vault, I got this error:-

The operation "Set" is not enabled in this key vault's access policy.

93528-seterror.png

Now when I access the Key Vault >> Access Policy >> I am unable to add the login username which I used to create the Key Vault inside the Key Vault access policy, where I am only able to add the Office 365 admin:-

93460-error-getlist.png

So any advice why I am able to create a new Key Vault, while I am unable to add Secrets inside it?



Hi @johnjohn-0472,

Thanks for using Microsoft Q&A !!
Have you created your Azure Key Vault using PowerShell? Also, are you using the same account to access the key vault as you have used to create the key vault? Can you try adding the access policy using PowerShell cmdlets -

Set-AzureRmKeyVaultAccessPolicy -VaultName <keyvaultname> -UserPrincipalName <upn> -PermissionsToKeys all -PermissionsToSecrets all

Thanks
Saurabh


@SaurabhSharma-msft I tried to run this command:-

 PS C:\WINDOWS\system32> Set-AzureRmKeyVaultAccessPolicy -VaultName "RemoteEventReceivers" -UserPrincipalName "****@***group.onmicrosoft.com" -PermissionsToKeys create,import,delete,list -PermissionsToSecrets set,delete -PassThru



But I got this error:-

WARNING: Because the Az modules have all the capabilities of AzureRM modules and more, we will retire the AzureRM
modules on 29 February 2024. Learn more about the migration to Az: http://aka.ms/azpsmigrate.
Set-AzureRmKeyVaultAccessPolicy : 'this.Client.SubscriptionId' cannot be null.
At line:1 char:1
+ Set-AzureRmKeyVaultAccessPolicy -VaultName "RemoteEventReceivers" -Us ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureRmKeyVaultAccessPolicy], ValidationException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultAccessPolicy


@johnjohn-0472 Can you please check if subscriptions are available in the current context for you by using the cmd - Get-AzureRmSubscription. Then use Select-AzureSubscription -Current -SubscriptionName <SubscriptionName> to set the required subscription before running the above command.


0 Answers
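
Added example (not part of the thread and not written by any participant): the sequence the comments above work toward, written with the Az module that the AzureRM retirement warning points to. It selects the subscription before touching the vault, then grants only secret permissions instead of `all` and reads the policy back. The vault name is the one from the thread; the tenant ID, subscription name and UPN are placeholders.

```powershell
# Added example. Requires the Az.Accounts and Az.KeyVault modules.
$TenantId         = '<customer-tenant-id>'   # placeholder
$SubscriptionName = '<SubscriptionName>'     # placeholder
$VaultName        = 'RemoteEventReceivers'   # vault name used in the thread
$Upn              = '<upn>'                  # placeholder: account that needs to set secrets

# Sign in against the customer's tenant so that its subscriptions are visible.
if (-not (Get-AzContext)) {
    Connect-AzAccount -Tenant $TenantId | Out-Null
}

# The check suggested in the thread for "'this.Client.SubscriptionId' cannot be null":
# confirm the subscription is visible, then make it the current context.
$sub = Get-AzSubscription -TenantId $TenantId |
    Where-Object { $_.Name -eq $SubscriptionName }
if (-not $sub) {
    throw "Subscription '$SubscriptionName' is not visible to this account in tenant $TenantId."
}
Set-AzContext -Subscription $sub.Id -Tenant $TenantId | Out-Null

# Confirm the vault exists here and that it is governed by access policies.
$vault = Get-AzKeyVault -VaultName $VaultName
if (-not $vault) {
    throw "Vault '$VaultName' was not found in subscription '$SubscriptionName'."
}
if ($vault.EnableRbacAuthorization) {
    throw "Vault '$VaultName' uses Azure RBAC; access policies are not evaluated for it."
}

# Least privilege: only the secret operations this account needs, no key permissions.
Set-AzKeyVaultAccessPolicy -VaultName $VaultName -UserPrincipalName $Upn `
    -PermissionsToSecrets get,list,set -PassThru | Out-Null

# Read the policy back to verify which principals hold which secret permissions.
(Get-AzKeyVault -VaultName $VaultName).AccessPolicies |
    Select-Object DisplayName, ObjectId, PermissionsToSecrets
```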