I'm trying to use a User Assigned Managed Identity to access a KeyVault reference in an Azure Function.
I'm following this doc, https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli, to reference the KeyVault in the application configuration.
I followed these steps:
1. Created a User Assigned Managed Identity.
2. Created a policy in KeyVault and gave GET and LIST permissions to the User Assigned Managed Identity.
3. Set the User Assigned Managed Identity in the Azure Function Identity.
4. Set the application settings like this:
   - mysecureapp - @Microsoft.KeyVault(SecretUri=https://mykv.vault.azure.net/secrets/mysecret/id)
   - keyVaultReferenceIdentity - /subscriptions/subsid/resourceGroups/rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mgid
Any thoughts on this?
CodePudding user response:
Just found that when the keyVaultReferenceIdentity property is created in the Function using the portal or IaC (App Settings), it doesn't recognize the User Assigned identity as the one to authenticate in KeyVault, but if you run the PATCH described in the following link using PowerShell, it works.
It should be enough for the reference to KeyVault to work.
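
The PATCH this answer refers to, as an added example (not code from the original posts): it sets `keyVaultReferenceIdentity` as a property of the Function App site resource rather than as an app setting, then reads back the resolve status of each Key Vault reference. The resource names are placeholders, and the `2021-01-01` API version and the response field names are assumptions based on the Microsoft.Web REST API.

```powershell
# Requires the Az modules (Az.Accounts, Az.Functions, Az.ManagedServiceIdentity)
# and an authenticated session (Connect-AzAccount).
# Placeholders (assumptions): replace with your own resource names.
$rg           = '<resource-group>'
$functionApp  = '<function-app-name>'
$identityName = '<user-assigned-identity-name>'

# Resource IDs of the user-assigned identity and of the Function App.
$identityId = (Get-AzUserAssignedIdentity -ResourceGroupName $rg -Name $identityName).Id
$appId      = (Get-AzFunctionApp -ResourceGroupName $rg -Name $functionApp).Id

# keyVaultReferenceIdentity lives under "properties" of the site resource,
# so it is written with a PATCH against the site, not as an app setting.
$payload = @{ properties = @{ keyVaultReferenceIdentity = $identityId } } | ConvertTo-Json
$patch   = Invoke-AzRestMethod -Method PATCH -Path "${appId}?api-version=2021-01-01" -Payload $payload
if ($patch.StatusCode -ge 300) {
    throw "PATCH failed: $($patch.StatusCode) $($patch.Content)"
}

# Read the site back and confirm the property now holds the identity's resource ID.
$site = (Invoke-AzRestMethod -Method GET -Path "${appId}?api-version=2021-01-01").Content |
    ConvertFrom-Json
if ($site.properties.keyVaultReferenceIdentity -ne $identityId) {
    Write-Warning "keyVaultReferenceIdentity is '$($site.properties.keyVaultReferenceIdentity)'"
}

# List how each @Microsoft.KeyVault(...) app setting resolved.
# Status is expected to read 'Resolved'; values such as 'MSINotEnabled' or
# 'AccessToKeyVaultDenied' point at the identity or the Key Vault access policy.
$refs = (Invoke-AzRestMethod -Method GET `
    -Path "${appId}/config/configreferences/appsettings?api-version=2021-01-01").Content |
    ConvertFrom-Json
$refs.value | ForEach-Object {
    [pscustomobject]@{
        Setting  = $_.name
        Status   = $_.properties.status
        Identity = $_.properties.identityType
        Details  = $_.properties.details
    }
} | Format-Table -AutoSize
```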
CodePudding user response:
I hope you have already done all the steps. But there is one thing you may have missed, i.e.,
- you have to enable the system-assigned identity for your application.
This error, MSINotEnabled, comes mostly in the absence of a managed identity for your application, and it clearly says so, i.e., System assigned Managed identity.
Refer to this Medium article, where you will find the troubleshooting steps given along with all these kinds of errors and their resolutions.