We're trying to download secrets with the download key vault secrets release task in VSTS.
The service principal is add in the key vault's access policies, all rights are checked, including get, list secrets.
I created a service endpoint with this service principal and use that to deploy to Azure, but I get following error when trying to retrieve the keyvault secrets:
2018-05-21T12:18:53.9240364Z ##[error]Get secrets failed. Error: Access denied. Specified Azure endpoint needs to have Get, List secret management permissions on the selected key vault. To set these permissions, download ProvisionKeyVaultPermissions.ps1 script from build/release logs and execute it OR set them from Azure portal.