adventurous-mechanic-24805
10/24/2022, 9:07 AMKey Vault Crypto Officer
and Key Vault Secrets Officer
to the objectId, but I cannot set it somehow.
After running Pulumi using azure-pipelines, everytime I go to Secrets tab in Key vault, I see the following error:
The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.
How can I make it visible with the objectId?ripe-russia-4239
10/24/2022, 9:32 AMKey Vault Crypto Officer
and Key Vault Secrets Officer
are Azure Active Directory roles, not built-in Key Vault roles. You will need to:
1. Set enableRbacAuthorization
to true on the Key Value Properties (see here)
2. Add your user account/service principal/managed identity to the two Key Vault roles using authorization.RoleAssignment. Note the RoleAssignmentName
property is a GUID/UUID, not the human-readable name. You can get the values for this property from the Azure docs.
3. Remove the access policy defintion from the key vaultadventurous-mechanic-24805
10/24/2022, 11:39 AMripe-russia-4239
10/24/2022, 12:50 PM