Azure / AppConfiguration

Questions, feedback and samples for Azure App Configuration service
MIT License
241 stars 73 forks source link

Can't enable encryption using Customer Managed Key #991

Open Pavkum007 opened 5 days ago

Pavkum007 commented 5 days ago

I can't enable encryption using Customer Managed Key.

the following resources are created :

  1. User Assigned managed identity
  2. Azure KeyVault with a RSA key added

the identity is assigned Contributor on subscription and KeyVault Crypto Officer and KeyVault Crypto Encryption User Roles on the KeyVault.

Now I am trying to create App Configuration from azure portal. When I enable "Customer Managed Key" in the Encryption tab. Select the Identity, Keyvault and the key - I get the following error on the screen - The selected identity must have “get”, “wrapKey” and “unwrapKey” permissions on the managed key.

Image

I am not sure what the issue is here. Can you please help

Pavkum007 commented 2 days ago

Hi Team, can you please help here?

juniwang commented 2 days ago

Hi @Pavkum007, thanks for reaching out. We're aware of this issue and are currently working to reproduce and identify the root cause. We'll keep you updated.