No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi! All :slightly_smiling_face: . I am trying to store <https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/secret/|some secrets> in a previously existing keyvault using azure native. When I run `pulumi up` I get the following error:

`cannot check existence of resource '/subscriptions/SubscriptionId/resourceGroups/ResourceGroupName/providers/Microsoft.KeyVault/vaults/KeyvaultName/secrets/J7LOPKWUD2HP2WY3': status code 403, {"error":{"code":"AuthorizationFailed","message":"The client 'xxxxx' with object id 'xxxxx' does not have authorization to perform action 'Microsoft.KeyVault/vaults/secrets/read' over scope '/subscriptions/SubscriptionId/resourceGroups/ResourceGroupName/providers/Microsoft.KeyVault/vaults/KeyvaultName/secrets/J7LOPKWUD2HP2WY3' or the scope is invalid. If access was recently granted, please refresh your credentials."}}`

ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_SUBSCRIPTION_ID are set as environment variables and tested since creating a simple python program using `azure.keyvault.secrets` and `azure.identity` they work perfect.

Could anyone assist here? What am I missing? Should I introduce extra code not using pulumi to save the secrets to a keyvault?

Finally some permissions were missing at the subscription