TaranjeetMalik-9369 asked sikumars-msft answered

The key vault must have GET permissions on secret + Error While Configuring Application Gateway Listener

Hi

I'm trying to add a Basic type listener to an Application Gateway instance. While doing so, I wish to choose an SSL certificate stored in a Key Vault that has an access policy configured to allow Get and List permissions to the user-assigned managed identity that I'm picking from the drop-down in the blade when configuring the listener through the Azure portal. However, the Key Vault field shows an error, "The key vault must have GET permissions on secret", though I'm able to pick the required certificate from the next drop-down.

The error is quite misleading as it states that the Key Vault needs access to the secret, whereas the MS documentation states that the user-assigned managed identity needs access to the certificate / secret, which makes sense.

I have enabled a Network Service Endpoint so that only the Application Gateway subnet can talk to Key Vault, and have added the App Gateway subnet to the allowed list of networks in Key Vault's Networking section.

Attached is the screenshot of the error.





Thanks for reaching out.

I am testing the above scenario in my lab and will update you with my findings. Thanks.

TaranjeetMalik-9369 answered TaranjeetMalik-9369 edited

Hi @sikumars-msft, I just tested that in the Key Vault access policy, if in addition to the Certificate permissions I assign Get and List permissions in the Secret permissions field, the issue gets resolved. Just noting this in case someone else gets stuck here.

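The check behind the fix reported above, as an added example that is not part of the original posts: it reads the access policies from vault JSON shaped like the output of `az keyvault show` and reports whether the listener's managed identity has Get on secrets. The sample JSON, the object IDs and the function name `check_listener_identity` are constructed for illustration, and the check assumes the vault uses access policies rather than Azure RBAC.

```python
import json

# Constructed sample shaped like `az keyvault show --name <vault> -o json`;
# the vault name and object IDs are placeholders, not values from the thread.
SAMPLE_VAULT_JSON = """
{
  "name": "example-vault",
  "properties": {
    "accessPolicies": [
      {"objectId": "00000000-0000-0000-0000-000000000001",
       "permissions": {"certificates": ["Get", "List"], "keys": [], "secrets": []}},
      {"objectId": "00000000-0000-0000-0000-000000000002",
       "permissions": {"certificates": ["get", "list"], "keys": null,
                       "secrets": ["get", "list"]}}
    ]
  }
}
"""

def check_listener_identity(vault, object_id):
    """Return findings for the managed identity the listener will use."""
    policies = vault.get("properties", {}).get("accessPolicies") or []
    matches = [p for p in policies
               if p.get("objectId", "").lower() == object_id.lower()]
    if not matches:
        return ["no access policy for this identity"]
    # Merge all policies for the identity; permission names are case-insensitive.
    granted = {}
    for policy in matches:
        for kind, perms in (policy.get("permissions") or {}).items():
            granted.setdefault(kind, set()).update(p.lower() for p in (perms or []))
    findings = []
    if "get" not in granted.get("secrets", set()):
        findings.append("missing Get on secrets (the condition the portal error reports)")
    # Assumption: the fix in the thread needed only Get and List, so anything
    # beyond that is flagged for least-privilege review.
    for kind, perms in sorted(granted.items()):
        extra = perms - {"get", "list"}
        if extra:
            findings.append(f"{kind}: more than Get/List granted: {sorted(extra)}")
    return findings

if __name__ == "__main__":
    vault = json.loads(SAMPLE_VAULT_JSON)
    for oid in ("00000000-0000-0000-0000-000000000001",
                "00000000-0000-0000-0000-000000000002"):
        print(oid, check_listener_identity(vault, oid) or "ok")
```

The first sample identity mirrors the state described in the question (certificate permissions only) and the second mirrors the state after the fix.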

sikumars-msft answered

Glad that you were able to fix the issue and thanks for using Microsoft Q&A community.
