This message was deleted.
# azures
sparse-intern-71089
05/02/2021, 9:36 AMThis message was deleted.
b
better-shampoo-48884
05/02/2021, 9:38 AMThe only thing I can think of is to grant the user running the pulumi program Key Vault Administrator to the keyvault - but that doesn't fit too well with being able to run pulumi operations from multiple users
better-shampoo-48884
05/02/2021, 9:41 AMcould it simply be that it's refering to a key that doesn't exist? I noticed that the key in the keyvault has capital letters in the suffix (aks-des-key-ReDsjieE) versus the message (aks-des-key-redsjiee). Either the message is lowercasing for fun, or there's some silent conversion going where it accepts uppercased characters for creation and automatically lowercases it for the deletion?
better-shampoo-48884
05/02/2021, 9:46 AMnope. manually gave myself Key Vault Admin priveleges and then destroy was able to delete it. Any suggestions on best practices to avoid this kind of a lock-out when spinning up/tearing down environments?
t
tall-librarian-49374
05/02/2021, 9:52 AMI believe that’s a feature of Key Vault - you have to grant access to yourself
b
better-shampoo-48884
05/02/2021, 6:51 PMit's a bit strange that I can create keys without doing so though. anyway, will find a way of working around that in the future.. but still strange that I haven't encountered this previously - though I can't actually guarantee that I've performed a destroy in this way.
s
some-flower-64874
05/04/2021, 1:33 PMI'm fairly certain it is deliberate (having run round this loop) - because keys are the sort of thing you really don't want to delete accidentally the default permissions are set up to protect you from yourself. Its like the change to soft-delete being the only option.
b
better-shampoo-48884
05/04/2021, 2:53 PMYeah. likely. Guessing I'm going to have to figure out a way to automatically grant the credentials running pulumi permissions on the keyvault whenever they run.
8 Views