Home > Software engineering >  MSINotEnabled - Can't use KeyVault Reference in Azure Function
MSINotEnabled - Can't use KeyVault Reference in Azure Function

Time:06-02

I'm trying to use a User Assign Managed Identity to retrieve access in KeyVault reference in Azure Function.

enter image description here

I'm following this doc https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#:~:text=you haven't already.-,Configure,-the app to to reference the keyvault in the application configuration.

I followed these steps:

  1. Created User Assign Managed Identity.

  2. Created a policy in Keyvault and gave permissions GET and LIST to User Assign Managed Identity.

  3. Set the User Assign Managed Identity in Azure Function Identity

  4. Set properties application setting like this:

  • mysecureapp - @Microsoft.KeyVault(SecretUri=https://mykv.vault.azure.net/secrets/mysecret/id)
  • keyVaultReferenceIdentity - /subscriptions/subsid/resourceGroups/rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mgid

Any thoughts on this?

CodePudding user response:

just found that when the keyVaultReferenceIdentity property is created in the Function using the portal our IaC (App Settings), it doesn't recognize the User Assigned identity as the one to authenticate in KeyVault, but if you run the PATCH described in the following link using PowerShell, it works.

https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-powershell#access-vaults-with-a-user-assigned-identity

it should be enough to the reference to KeyVault works

CodePudding user response:

I hope you already done all the steps. But one thing you may missed i.e.,

  • you have to enable the system-assigned identity for your application.

This error MSINotEnabled comes mostly during the absence of a managed Identity for your application, and it clearly says i.e., System assigned Managed identity.

Refer to this medium article where we will find the troubleshooting steps had given along with all these kind of errors with resolutions were described.

  • Related