Remove the access policy that was using providerPrincipalId and customerTenantId, since that policy was not doing anything and the secret was created via ARM and not via the data-plane APIs that accessPolicies control.
Explain that the provider is able to create the secret in the Key Vault through the ARM control plane but is not able to access the secrets using data-plane APIs.
Clarify create-keyvault-secret sample:
/cc: @liupeirong