Open fwestling-ark opened 2 weeks ago
Please verify if the app you logged in has the "Key Vault Secrets User" permission. The screenshot you provided shows "Assignment: (not found)". You can check the role assignment by running the following command:
az role assignment list --assignee <Your-app-id> --scope "/subscriptions/<Your-sub-id>/resourceGroups/<Your-rg-name>/providers/Microsoft.KeyVault/vaults/<Your-kv-name>
It does have that permission, as I mentioned in the original post; that's why I'm wondering if it's failing to bring something through from the login action.
@fwestling-ark, you can run az account show
in azure/cli action to check if you are using the right account.
I have the following workflow:
az/login
succeeds with the message "Azure CLI login succeeds by using service principal with secret", and the service principal I have set up has theKey Vault Secrets User
role in the key vault I'm targeting (and has had it for more than 48 hours). However, I get a "Caller is not authorized" response from the CLI (see below). Is it possible the CLI is not pulling in the authentication from theaz/login
action?