I am trying to synchronize the variables that I have in the Azure Library with Key Vault; for this I have an SPN created and added as a service connector.
When I set the Key Vault and the service connector to synchronize, I get a message to add the "get, list" permissions for secrets.
I add them and it still does not work, even though it has the permissions it asks for.
Could it be some kind of bug? There is hardly any information in the Microsoft documentation, and it should be something simple.
I have added permissions for the SPN on the resource group, as well as Owner on the Key Vault, and it does not work.
I have created another SPN and added it as a service connector, adding the (Get, List) permissions, and it doesn't work either.
2 Answers
Check the permission model. If it is set to 'Vault access policy', you have to use Access Policies.
If it is set to 'Azure role-based access control', you have to use 'Access Control (IAM)'.
The whole steps for how to link the Azure DevOps Library to Azure Key Vault:
1. Create a service connection of type 'Azure Resource Manager'.
2. Assign permission.
There are two situations.
First, using 'Vault access policy':
Second, using 'Azure role-based access control':
Role is 'Key Vault Secrets User':
After the above steps, you should be able to access the Azure Key Vault from the Azure DevOps side:
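The answer above turns on one check: which permission model the vault uses, because Get/List access policies are ignored on an RBAC-enabled vault and role assignments are ignored on an access-policy vault (which is why Owner on the resource group did not help the asker). The following script is an added example, not code from the question or answer: it reads the `enableRbacAuthorization` property from `az keyvault show` output and prints the single least-privilege `az` command that grants the pipeline SPN what the Library sync needs. The JSON samples are constructed so it runs offline; `VAULT_NAME`, `SPN_APP_ID`, `SPN_OBJECT_ID` and `VAULT_ID` are placeholders you fill in.

```shell
#!/bin/sh
# Added example: decide the Key Vault permission model and print the matching
# grant command. Placeholders (assumed, not from the page):
#   VAULT_NAME     vault name                         (e.g. kv-demo)
#   SPN_APP_ID     appId of the service connection's SPN
#   SPN_OBJECT_ID  objectId of that SPN (used by role assignments)
#   VAULT_ID       full resource id of the vault, from: az keyvault show --name "$VAULT_NAME" --query id -o tsv

# Constructed, trimmed samples of `az keyvault show --name <vault>` output,
# embedded so the script runs without a live subscription.
SAMPLE_RBAC='{"name":"kv-demo","properties":{"enableRbacAuthorization":true,"sku":{"name":"standard"}}}'
SAMPLE_POLICY='{"name":"kv-demo","properties":{"enableRbacAuthorization":false,"accessPolicies":[]}}'

# vault_model JSON -> prints "rbac" or "access-policy".
# Live use: vault_model "$(az keyvault show --name "$VAULT_NAME" -o json)"
vault_model() {
  case "$1" in
    *'"enableRbacAuthorization":true'*|*'"enableRbacAuthorization": true'*) echo rbac ;;
    *) echo access-policy ;;
  esac
}

# grant_command MODEL -> prints the az command granting only Get/List on secrets.
# RBAC: the built-in "Key Vault Secrets User" role scoped to the vault, not Owner on the RG.
# Access policy: a policy entry for the SPN with exactly the two permissions the Library asks for.
grant_command() {
  case "$1" in
    rbac)
      printf '%s\n' 'az role assignment create --assignee-object-id "$SPN_OBJECT_ID" --assignee-principal-type ServicePrincipal --role "Key Vault Secrets User" --scope "$VAULT_ID"'
      ;;
    access-policy)
      printf '%s\n' 'az keyvault set-policy --name "$VAULT_NAME" --spn "$SPN_APP_ID" --secret-permissions get list'
      ;;
    *) echo "unknown permission model: $1" >&2; return 1 ;;
  esac
}

# verify_command -> the read the Library sync performs; run it as the SPN
# (az login --service-principal) to confirm the grant before retrying in DevOps.
verify_command() {
  printf '%s\n' 'az keyvault secret list --vault-name "$VAULT_NAME" -o table'
}

# Demonstration on the constructed samples.
for sample in "$SAMPLE_RBAC" "$SAMPLE_POLICY"; do
  model=$(vault_model "$sample")
  echo "model: $model"
  grant_command "$model"
done
verify_command
```

RBAC role assignments can take a few minutes to propagate, so a sync that fails immediately after `az role assignment create` is worth retrying before assuming a bug; the verify command run under the SPN's own login is the quickest way to tell propagation delay from a missing grant.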