403 Forbidden Access, while decrypting using Azure key vault

Time:10-08

I am trying to encrypt and decrypt a string locally (client-side encryption). I am encrypting successfully, whereas while trying to decrypt, I am getting Error 403.

I am attaching my code and the permission screenshot here. Any help will be appreciated.

        var vaultUri = new Uri(keyVaultUrl);
        var client = new KeyClient(vaultUri, credential: new DefaultAzureCredential());
        
        
        var cryptoClient = new CryptographyClient(key1.Id,  new DefaultAzureCredential());
        EncryptResult encryptResult = cryptoClient.Encrypt(EncryptionAlgorithm.RsaOaep256, Encoding.UTF8.GetBytes(VarToEncrypt));
        Console.WriteLine("Encrypted string is: " + Convert.ToBase64String(encryptResult.Ciphertext));

        var secretClient = new SecretClient(vaultUri,  new DefaultAzureCredential());
        secretClient.SetSecret(new KeyVaultSecret("Temp", Convert.ToBase64String(encryptResult.Ciphertext)));
        
        Console.WriteLine("Do you want to decrypt? (Y/N)");
        if (Console.ReadLine().ToUpper() == "Y")
        {
            var encryptedSecret = secretClient.GetSecret("Temp");
            DecryptResult decryptResult = cryptoClient.Decrypt(EncryptionAlgorithm.RsaOaep256, encryptResult.Ciphertext);
            Console.WriteLine("Decrypted string is: " + Encoding.UTF8.GetString(decryptResult.Plaintext));
        }

[Screenshot: Permissions I have in Azure key vault]

CodePudding user response:

403 means your service principal does not have an access policy configured to decrypt.
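
One way to check the point made in the answer above, as an added example that is not from the original post or answer: the script compares the key and secret operations the posted snippet performs against a principal's access policy. The vault JSON, object ID and `missing_permissions` helper are constructed for illustration, and it assumes the vault uses access policies rather than Azure RBAC.

```python
import json

# Operations the posted snippet performs, grouped the way access policies group them.
REQUIRED = {"keys": {"get", "encrypt", "decrypt"}, "secrets": {"get", "set"}}

# Constructed sample in the shape of `az keyvault show --name <vault>` output;
# the vault name, object ID and permission lists are made up for illustration.
SAMPLE_VAULT = json.loads("""
{
  "name": "example-vault",
  "properties": {
    "enableRbacAuthorization": false,
    "accessPolicies": [
      {
        "objectId": "00000000-0000-0000-0000-000000000001",
        "permissions": {"keys": ["Get", "List", "Encrypt"], "secrets": ["Get", "Set"]}
      }
    ]
  }
}
""")

def missing_permissions(vault, object_id, required=REQUIRED):
    """Return {group: sorted missing operations} for one principal (hypothetical helper)."""
    props = vault.get("properties", {})
    if props.get("enableRbacAuthorization"):
        raise ValueError("vault uses Azure RBAC; access policies are not evaluated")
    granted = {group: set() for group in required}
    for policy in props.get("accessPolicies", []):
        if policy.get("objectId", "").lower() != object_id.lower():
            continue
        for group in required:
            ops = policy.get("permissions", {}).get(group) or []
            granted[group] |= {op.lower() for op in ops}  # names are case-insensitive
    missing = {}
    for group, needed in required.items():
        if "all" in granted[group]:  # "all" covers every operation in the group
            continue
        gap = needed - granted[group]
        if gap:
            missing[group] = sorted(gap)
    return missing

if __name__ == "__main__":
    print(missing_permissions(SAMPLE_VAULT, "00000000-0000-0000-0000-000000000001"))
```
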
