7
votes

I am trying to create a "secret value" using Azure Key Vault. I am following a tutorial from Microsoft located here ... https://azure.microsoft.com/en-us/documentation/articles/key-vault-get-started/

I was able to create a Key Vault using ...

New-AzureRmKeyVault -VaultName 'MyKeyVaultName' -ResourceGroupName 'MyResourceGroup' -Location 'West US'

I can also verify it was created by using ...

Get-AzureRmKeyVault

I am able to create the secret value by using the following ...

$secretvalue = ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force

However when I try to set the key ...

$secret = Set-AzureKeyVaultSecret -VaultName 'MyKeyVaultName' -Name 'SQLPassword' -SecretValue $secretvalue

I get an error that says

Set-AzureKeyVaultSecret : Operation "set" is not allowed

I thought that I had gained all access to the Key Vault by creating it? Do I need to add specific permissions?

Here is a screen capture of the error from PowerShell.

2 Answers

11
votes

Likely a permissions issue. Try the following:

Set-AzureRmKeyVaultAccessPolicy -VaultName '{your vault name}' -UserPrincipalName '{your account email}' -PermissionsToKeys all -PermissionsToSecrets all
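
The access-policy check behind the "set" error, as an added example that is not part of the original answer: it shows which secret permissions the account already holds on the vault and adds only `set`, `get` and `list` rather than `all`. The vault name is the one from the question, `$upn` is a placeholder, and the script assumes the AzureRM module with a signed-in session that is allowed to edit the vault's access policy.

```powershell
# Added example; assumes the AzureRM module and a session from Login-AzureRmAccount.
$vaultName = 'MyKeyVaultName'      # vault name from the question
$upn       = 'user@example.com'    # placeholder: the account's user principal name

# Access policies are keyed on the directory object id, so resolve the account first.
$user = Get-AzureRmADUser -UserPrincipalName $upn
if (-not $user) { throw "No directory user found for $upn" }

# Fetch the vault by name so that its AccessPolicies property is populated.
$vault  = Get-AzureRmKeyVault -VaultName $vaultName
$policy = $vault.AccessPolicies |
    Where-Object { "$($_.ObjectId)" -eq "$($user.Id)" }

# Secret permissions needed to write the secret and read it back.
$needed  = 'set', 'get', 'list'
$current = @($policy.PermissionsToSecrets | Where-Object { $_ })
$missing = @($needed | Where-Object {
    $current -notcontains $_ -and $current -notcontains 'all'
})

if ($missing.Count -eq 0) {
    Write-Output "Secret permissions already present: $($current -join ', ')"
} else {
    Write-Output "Missing secret permissions: $($missing -join ', ')"
    # Keep what the account already has and add only the missing entries.
    $grant = @($current + $missing | Select-Object -Unique)
    Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName `
        -UserPrincipalName $upn `
        -PermissionsToSecrets $grant
}
```
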
2
votes

The problem you are having is that you are not creating a key to attach a secret to. You need to call Add-AzureKeyVaultKey to create that key. Like this...

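# Take the vault (assumes a single vault in the subscription)
$vault = Get-AzureRmKeyVault

$secretvalue = ConvertTo-SecureString 'Pa$$w0rd' `
              -AsPlainText -Force

$key = Add-AzureKeyVaultKey -VaultName $vault.VaultName `
              -Name Test01 `
              -Destination Software

# Store the secret under the same name so it can be read back
$secret = Set-AzureKeyVaultSecret -VaultName $vault.VaultName `
              -Name Test01 `
              -SecretValue $secretvalue

(Get-AzureKeyVaultSecret -VaultName $vault.VaultName `
              -Name test01).SecretValueText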

which returns

Pa$$w0rd