Altinn / altinn-platform

Altinn Platform infrastructure

DevOps Pipeline Failure - Expired Client Secret for Key Vault Access #1087

Closed ootneim closed 2 weeks ago

ootneim commented 2 weeks ago

Description

The Terraform DevOps pipeline is failing due to an expired client secret for the Azure AD application used to access the Key Vault altinn-terraform-kv. This prevents the pipeline from fetching necessary secrets, causing it to fail during the Key Vault access step.

Error Message

Key vault name: altinn-terraform-kv. Downloading secrets using: https://altinn-terraform-kv.vault.azure.net/secrets?maxresults=25&api-version=2016-10-01. 
##[error]Get secrets failed. Error: Could not fetch access token for Azure. 
Status code: invalid_client, status message: Error(s): 7000222 - Description: AADSTS7000222: The provided client secret keys for app '***' are expired. 
Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret.

Fix

In 'platform-task-common-init.yml' change

- task: AzureKeyVault@2
  displayName: 'Azure Key Vault: altinn-terraform-kv'
  inputs:
    azureSubscription: 'Altinn-Management-Prod (d43d5057-8389-40d5-88c4-04db9275cbf2)'
    KeyVaultName: 'altinn-terraform-kv'
    SecretsFilter: '*'
    RunAsPreJob: true

to

- task: AzureKeyVault@2
  displayName: 'Azure Key Vault: altinn-terraform-kv'
  inputs:
    azureSubscription: 'Altinn-Platform-Terraform-oidc'
    KeyVaultName: 'altinn-terraform-kv'
    SecretsFilter: '*'
    RunAsPreJob: true
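
The failure reported above (AADSTS7000222) can be caught before a pipeline run by auditing client secret expiry on app registrations. The following is an added example, not part of the original issue or the Altinn repository: it reads app registrations in Microsoft Graph's JSON shape (`passwordCredentials` / `endDateTime`) and flags expired or soon-to-expire secrets. The sample apps, key IDs, dates and the 30-day warning threshold are constructed assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample in the shape of Microsoft Graph application objects
# (e.g. saved from `az ad app list --all`). Names, IDs and dates are made up.
SAMPLE_APPS = json.loads("""[
  {"displayName": "example-terraform-sp",
   "passwordCredentials": [
     {"keyId": "00000000-0000-0000-0000-00000000000a", "endDateTime": "2024-05-01T00:00:00Z"},
     {"keyId": "00000000-0000-0000-0000-00000000000b", "endDateTime": "2024-06-20T08:30:00.1234567Z"}]},
  {"displayName": "example-oidc-sp", "passwordCredentials": []}
]""")


def parse_graph_time(value):
    """Parse a Graph timestamp, tolerating 'Z' and 7-digit fractional seconds."""
    value = re.sub(r"(\.\d{6})\d+", r"\1", value.replace("Z", "+00:00"))
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_secrets(apps, now, warn_days=30):
    """Return (status, days_left, app, key_id) rows, soonest expiry first."""
    rows = []
    for app in apps:
        # Apps that use only federated (OIDC) credentials have no entries here.
        for cred in app.get("passwordCredentials") or []:
            if not cred.get("endDateTime"):
                continue
            end = parse_graph_time(cred["endDateTime"])
            days_left = (end - now).days  # whole days, rounded down
            if end <= now:
                status = "EXPIRED"
            elif days_left < warn_days:
                status = "EXPIRING"
            else:
                status = "OK"
            rows.append((status, days_left, app.get("displayName"), cred.get("keyId")))
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    # Fixed clock so the constructed sample gives stable output;
    # use datetime.now(timezone.utc) against real data.
    for row in audit_secrets(SAMPLE_APPS, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(*row, sep="\t")
```

An app registration that authenticates only through a federated (OIDC) credential has no client secret to expire, so it produces no rows.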