Using PowerShell, I can access my Azure KeyVault locally, provide the secret and return stored passwords. I can also do this from a VM I spin up. Additionally, I can access a single password from the KeyVault and use it to impersonate a user on a VSTS build agent, but I cannot access the remaining stored passwords. What gives?
Here's the message I receive:
```
[error]Get-AzureKeyVaultSecret : Unable to retrieve service key for ServicePrincipal account [hiddenaccountname]@[companyaccount].com. Please log in again to supply the credentials for this service principal. In PowerShell, execute Login-AzureRMAccount for Azure Resource Manager cmdlets or Add-AzureAccount for service management cmdlets.
...
- CategoryInfo : CloseError: (:) [Get-AzureKeyVaultSecret], KeyNotFoundException
- FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.GetAzureKeyVaultSecret
```
Here's what my code looks like at this section:
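```powershell
# Sign in as the service principal with a previously built credential object
Login-AzureRmAccount -Credential $AzureCredential -ServicePrincipal -TenantId [abunchofnumbers]
# Read the plain-text value of the named secret from the vault
$Password = (Get-AzureKeyVaultSecret -VaultName "[nameOfVault]" -Name "[nameOfSecret]").SecretValueText
```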
The login accepts the provided credentials and logs me in, but the Get-AzureKeyVaultSecret cmdlet fails, and only on VSTS during a build.
Any ideas, you strange and wonderful devs?