Hello everyone and welcome to my blog. In today’s blog we will discuss how to resolve access issues when you try to add a certificate or a secret to Azure Key Vault.
Let’s jump to the problem statement. So I was trying to add a certificate to my Azure Key vault. However when I tried to import the certificate, I got the following error.
Caller is not authorized to perform action on resource. DecisionReason: 'DeniedWithNoValidRBAC' Vault: xrmforyouvault;location=eastusThe error was little more verbose than the above but I have only mentioned the important parts in the error.
It was quite surprising because I was logged in with a user who has rights to create resources in Azure AD tenant.
After exploring a bit, I realized that the user need to have a certain role assignment to add a secret or a certificate to Azure key vault. Let’s explore that.
Click on Access control (IAM) on the navigation pane.
Click on the button ‘Add role assignment’.
Choose Key vault administrator from the list of available role assignments.
Add yourself to the members list.
Click on the Review + assign button at the bottom to complete the role assignment process.
Once the role assignment is added, allow 10-15 mins for the role propagation to complete. After that when you try to add a certificate or secret, this time you should sail through without any errors.
I hope this helped. If you have liked the post and if this post has helped you, please subscribe to my blog.
Debajit Dutta