Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License

[BUG] Cannot fetch secrets #45511

Open lawjeremy opened 1 month ago

lawjeremy commented 1 month ago

Library name and version

Azure.Security.KeyVault.Secrets 4.6.0

Describe the bug

I am using certificate authentication to access my keyvault and have tested it using the Azure CLI. I am able to fetch secrets without issue.

However, in my .NET app the request fails with the message:

Client address is not authorized and caller is not a trusted service

This seems to be due to the fact that the library is not using the private endpoint associated with the keyvault.

The header from my .NET request:

x-ms-keyvault-network-info: conn_type=Ipv4;addr=removed;act_addr_fam=InterNetwork;

And from the CLI request:

x-ms-keyvault-network-info: conn_type=PrivateLink;private_endpoint=removed;addr=removed;act_addr_fam=InterNetworkV6

I tried to use the URI of the private endpoint, but got the same error.

Expected behavior

Expected the library to use the private endpoint

Actual behavior

Library does not use the private endpoint

Reproduction Steps

Try to fetch secrets from a keyvault that is only accessible via private endpoint, using the vault URI.

Environment

Windows 10, .NET Framework v4.8, Visual Studio 2022

github-actions[bot] commented 1 month ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

JonathanCrd commented 4 weeks ago

Thanks for the report, I will investigate this issue.

heaths commented 3 weeks ago

Also posted to Stack Overflow: https://stackoverflow.com/questions/78871281/azure-sdk-for-net-cant-fetch-secret-from-keyvault.

/cc @christothes since this is more of an identity question.