1
votes

I am trying to get a secret out of Azure Key Vault. It is a very simple RESTful API call. For example, for all keys, it is as simple as this:

GET {vaultBaseUrl}/secrets?api-version=7.0

where vaultBaseUrl is provided in the Azure Console as the Vault DNS name. I am using console mode for testing: https://docs.microsoft.com/en-us/rest/api/keyvault/getsecrets/getsecrets#code-try-0 But the return value is always 404. When I try curl in the Azure console, it gives 401 - Unauthorized. However, I can use the command line to get the secret out. Is there any secret to making the RESTful call and curl work to get the secret out? All these situations use the same credentials. A side question is that on the Microsoft API testing page there is a 'Request Preview' section with a green Run button, almost as if it is inviting you to run the API, but the link is to docs.microsoft.com and the copy button on the box is disabled. I have never seen so many problems in one place, so I am thinking maybe I don't understand something here.


2 Answers

3
votes

The doc seems not to be correct. If you want to get the secret, you could use the Client credentials flow to get the access token and use it to get the secret.

Follow the steps as below.

1. Register an app in the Azure Active Directory, see this link. Get the application id and key, see this link. Add the service principal in the Access policies in your keyvault with the correct secret permission (just search the name of your AD App then add it).

2. In Postman, send a request to the URL

POST https://login.microsoftonline.com/{your tenant id}/oauth2/token?api-version=1.0

Request body and complete sample (client_id and client_secret are the application id and key in step 1):


3. Copy the access_token in step 2, then use it as an Authorization token to call the API:

GET https://yourkeyvault.vault.azure.net/secrets?api-version=7.0


Besides, if you want to use curl to get the secret, try the one like below. The TOKEN is the same as the access_token in step 2 above.

curl -X GET -H "Authorization: Bearer [TOKEN]" "https://yourkeyvault.vault.azure.net/secrets?api-version=7.0"

For more details about getting access_token via curl and complete steps, you could refer to this link. Don't forget to change the resource to https://vault.azure.net in the Request the Access Token step.
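The two requests from the answer above as one script, as an added example that is not part of the original answer. TENANT_ID, CLIENT_ID, CLIENT_SECRET and VAULT_NAME are assumed environment variables and the function names are hypothetical; the audience check assumes the token carries the requested resource as its `aud` claim.

```shell
#!/bin/sh
# Added example: client-credentials token, then the Key Vault call.
# Assumed environment variables: TENANT_ID, CLIENT_ID, CLIENT_SECRET, VAULT_NAME.
RESOURCE="https://vault.azure.net"   # resource the answer says to request

# Pull access_token out of the JSON token response read from stdin.
extract_token() {
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Decode the JWT payload (second dot-separated part, base64url) and print "aud".
# Assumption: a token issued for $RESOURCE carries it as the audience; a token
# for any other resource is rejected by the vault with 401.
token_audience() {
    p=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#p} % 4 )) in 2) p="$p==" ;; 3) p="$p=" ;; esac
    printf '%s' "$p" | base64 -d 2>/dev/null |
        sed -n 's/.*"aud"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Step 2 of the answer: POST to the tenant's token endpoint. The secret is read
# from stdin (client_secret@-) so it does not show up in the process list.
get_token() {
    printf '%s' "$CLIENT_SECRET" | curl -sS -X POST \
        "https://login.microsoftonline.com/$TENANT_ID/oauth2/token?api-version=1.0" \
        --data-urlencode "grant_type=client_credentials" \
        --data-urlencode "client_id=$CLIENT_ID" \
        --data-urlencode "client_secret@-" \
        --data-urlencode "resource=$RESOURCE" | extract_token
}

# Step 3: call the vault with the bearer token; prints body, then HTTP status.
# The header is also passed on stdin (-H @-) to keep the token off the argv.
list_secrets() {
    token=$(get_token)
    if [ "$(token_audience "$token")" != "$RESOURCE" ]; then
        echo "token missing or issued for another resource" >&2
        return 1
    fi
    printf 'Authorization: Bearer %s\n' "$token" |
        curl -sS -H @- -w '\nHTTP %{http_code}\n' \
            "https://$VAULT_NAME.vault.azure.net/secrets?api-version=7.0"
}

# Network calls run only when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then list_secrets; fi
```

With a valid token, a 401 from the vault points at the token itself, while a 403 points at the access policy from step 1.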

0
votes

Pass a Bearer token. There will be a URL to generate a token and pass it to authentication, then you will not get the error.