https://pulumi.com logo
#azure
Title
# azure
l

late-dentist-12980

01/05/2024, 9:26 AM
Hi! All 🙂 . I am trying to store some secrets in a previously existing keyvault using azure native. When I run
pulumi up
I get the following error:
cannot check existence of resource '/subscriptions/SubscriptionId/resourceGroups/ResourceGroupName/providers/Microsoft.KeyVault/vaults/KeyvaultName/secrets/J7LOPKWUD2HP2WY3': status code 403, {"error":{"code":"AuthorizationFailed","message":"The client 'xxxxx' with object id 'xxxxx' does not have authorization to perform action 'Microsoft.KeyVault/vaults/secrets/read' over scope '/subscriptions/SubscriptionId/resourceGroups/ResourceGroupName/providers/Microsoft.KeyVault/vaults/KeyvaultName/secrets/J7LOPKWUD2HP2WY3' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_SUBSCRIPTION_ID are set as environment variables and tested since creating a simple python program using
azure.keyvault.secrets
and
azure.identity
they work perfect. Could anyone assist here? What am I missing? Should I introduce extra code not using pulumi to save the secrets to a keyvault?
Finally some permissions were missing at the subscription