No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi, I am trying to get an Azure KeyVault Secret in Pulumi stack.
I know that ARM API doesn't allow to do that, therefore we need to use "Data SDK". <https://github.com/pulumi/pulumi-azure-native/issues/1422|Here> it's mentioned that we can use `GetClientConfig`  and `GetClientToken`  together with correct SDK to get it working. However, it seems that the token returned from `GetClienToken`  has different audience. When I run the code, I get an error:
```{"error":{"code":"Unauthorized","message":"AKV10022: Invalid audience. Expected <https://vault.azure.net>, found: <https://management.azure.com/>."}}```
I understand the message, however I am wondering how to get a token with correct audience. Any suggestions ?

i’m able to get an azure keyvault secret in my pulumi stack …

probably should ask this in <#CRVK66N5U|azure>