CasperRubaek asked SaurabhSharma-msft commented

Azure Resource Manager API - can't create Keyvault

I am trying to create a KeyVault using the Azure Resource Manager API.
I can successfully create other services such as API Management, but KeyVault always fails with "sku is invalid" when I use the API, even though I send the family property with the API request as well.

I have also tried creating the KeyVault using the Azure.ResourceManager.KeyVault SDK, but this does not complete either. It does not throw any error or say what the issue is, and my .NET Core console app returns with success code 0.

What could be the reason behind this?

azure-key-vault

Hi @casperrubaek,

Thanks for using Microsoft Q&A!
For the REST API issue, can you please check if you are passing the headers and other values properly as mentioned here? How are you acquiring the access token? Also, please check if you are getting the access token for the data-plane endpoint - https://{vault-name}.vault.azure.net.
I suggest you go through the Azure REST API documentation for the steps to call an Azure REST API endpoint.
Also, refer to this page on using the Azure Key Vault REST API request endpoint details.

0 Votes 0 ·

Also, for the SDK issue, could you please provide a code snippet to identify the root cause? Are you referencing any documentation for the same? Can you please try to use the Microsoft.Azure.Management.KeyVault namespace for the same? Reference - Creating and Managing Key Vaults


0 Votes 0 ·

@SaurabhSharma-msft I am trying to create the key vault using this code. I can authenticate correctly with DefaultAzureCredentials, since in some of my other code I can get the names of my resource groups.
However, this code fails because I can't understand how to create the Access Policy in the SDK.
Can you provide some sample code that works with the scenario of creating a new key vault resource?
I am using the Azure SDK: Azure.ResourceManager.Keyvault.

99501-image.png


0 Votes 0 ·

1 Answer

SaurabhSharma-msft answered SaurabhSharma-msft commented

@CasperRubaek You need to add permissions like below -

    permissions = new Permissions { Secrets = new SecretPermissions[] { new SecretPermissions("get") } };

Also, you need to pass access policy object as a List to Vault Properties like below -

    var vaultProperties = new VaultProperties(tenantId, new Sku(SkuName.Standard))
    {
        AccessPolicies = new List<AccessPolicyEntry>
        {
            accessPolicyEntry
        }
    };

Also, you need to use WaitForCompletionAsync() which polls server to know when Key Vault create operation succeeds.
Please find below the updated code to create a Key Vault -

    Sku sku = new Sku(SkuName.Standard);

    // Permissions granted to the principal: secrets "get" only.
    Permissions permissions = new Permissions()
    {
        Secrets = new SecretPermissions[] { new SecretPermissions("get") }
    };

    // Bind the permissions to the principal (objectId) in this tenant.
    AccessPolicyEntry accessPolicyEntry = new AccessPolicyEntry(tenantId, objectId, permissions);
    var vaultProperties1 = new VaultProperties(tenantId, sku)
    {
        AccessPolicies = new List<AccessPolicyEntry>
        {
            accessPolicyEntry
        }
    };

    VaultCreateOrUpdateParameters vaultCreateOrUpdateParameters = new VaultCreateOrUpdateParameters(region, vaultProperties1);

    // Start the long-running create operation, then poll until it completes.
    var rawResult = await vaults.StartCreateOrUpdateAsync(rgName, vaultName1, vaultCreateOrUpdateParameters);
    var vault1 = (await rawResult.WaitForCompletionAsync()).Value;

I have tested this and it works fine in my local.
Also, please refer to this sample code for your reference to use Azure .NET SDK to create KeyVault.
Please let me know if you have any questions.

Thanks
Saurabh


Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.


Thanks for the provided example code.
I have tried using it and it still does not work.
It runs without any error but it does not wait for completion and just terminates the program with exit code 0 for success.
It is being run inside an async method that is called with await.

0 Votes 0 ·

@casperrubaek As the sample code is using try/catch you may not be getting the actual error. Also, have you tried the above shared code without any try/catch? Please try to debug the code and share with me the error you are getting so that we can investigate it further.

Thanks
Saurabh

0 Votes 0 ·

@SaurabhSharma-msft

I have fixed the problem now, it works as expected, the vault is created. The reason was that I had to run the main() method as async Task:
static async Task Main(string[] args)

If others are having the same problem.

1 Vote 1 ·
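
The failure mode resolved in the last comment, shown as an added example that is not part of the original thread: an async create call that is started but not awaited lets the process exit with code 0 and hides the error, while an awaited call from `async Task<int> Main` surfaces it as a non-zero exit code. `CreateVaultAsync`, the vault name and the error text are hypothetical stand-ins for the SDK's long-running operation; no Azure call is made.

```csharp
using System;
using System.Threading.Tasks;

static class Program
{
    // Hypothetical stand-in for StartCreateOrUpdateAsync(...) followed by
    // WaitForCompletionAsync(): it takes time, then succeeds or throws.
    static async Task<string> CreateVaultAsync(string vaultName, bool reject)
    {
        await Task.Delay(TimeSpan.FromMilliseconds(500)); // simulated polling
        if (reject)
            throw new InvalidOperationException("sku is invalid"); // constructed error
        return vaultName;
    }

    // Returning Task<int> makes the runtime wait for the awaited work and
    // lets a failed create become a non-zero exit code.
    static async Task<int> Main()
    {
        // Pattern behind the silent exit: the call is started but not awaited.
        Task<string> notAwaited = CreateVaultAsync("kv-demo", reject: true);
        Console.WriteLine($"Started, completed = {notAwaited.IsCompleted}");
        // A "static void Main" that returned at this point would end the
        // process with exit code 0: the operation never finishes and the
        // exception it would have thrown is never observed.

        try
        {
            string created = await CreateVaultAsync("kv-demo", reject: false);
            Console.WriteLine($"Created {created}");

            await notAwaited; // awaiting is what finally surfaces the failure
            return 0;
        }
        catch (InvalidOperationException ex)
        {
            Console.Error.WriteLine($"Create failed: {ex.Message}");
            return 1;
        }
    }
}
```

In a provisioning pipeline, the non-zero exit code is what stops later steps from assuming the vault and its access policy exist.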