ForbiddenByRbac when using azure key vault backend with version 3.8+ #1487

Open
andrey-gava opened this issue Apr 16, 2024 · 0 comments

Hi!
We are successfully using sops 3.7.3 with Azure Key Vault as the backend.
But when we try to use the same flow with version 3.8+, it fails with a ForbiddenByRbac error.
I tried both login types, az login and service principal credentials. Both fail.
I have the following role permissions on the resource: [Key Vault Crypto Officer, Key Vault Crypto User]

Has something changed in how sops authenticates with Azure resources?

./sops-v3.8.1.linux.amd64 ~/git/environments/aks-saas/secrets.yaml

Failed to get the data key required to decrypt the SOPS file.

Group 0: FAILED
  https://*******.vault.azure.net/keys/sops-aks-saas-key/*********************: FAILED
    - | failed to decrypt sops data key with Azure Key Vault key
      | 'https://*******.vault.azure.net/keys/sops-aks-saas-key/*********************':
      | POST
      | https://*******.vault.azure.net/keys/sops-aks-saas-key/*********************/decrypt
      | --------------------------------------------------------------------------------
      | RESPONSE 403: 403 Forbidden
      | ERROR CODE: Forbidden
      | --------------------------------------------------------------------------------
      | {
      |   "error": {
      |     "code": "Forbidden",
      |     "message": "Caller is not authorized to perform action
      | on resource.\r\nIf role assignments, deny assignments or
      | role definitions were changed recently, please observe
      | propagation time.\r\nCaller:
      | appid=********************;oid=*********************;iss=https://sts.windows.net/**************/\r\nAction:
      | 'Microsoft.KeyVault/vaults/keys/decrypt/action'\r\nResource:
      | '/subscriptions/************************/resourcegroups/****/providers/microsoft.keyvault/vaults/*******/keys/sops-aks-saas-key'\r\nAssignment:
      | (not found)\r\nDenyAssignmentId: null\r\nDecisionReason:
      | null \r\nVault: *******;location=********\r\n",
      |     "innererror": {
      |       "code": "ForbiddenByRbac"
      |     }
      |   }
      | }
      | --------------------------------------------------------------------------------
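An added triage helper, not part of sops or of this issue, that parses the Key Vault 403 body shown above into its Caller/Action/Resource/Assignment fields so an operator can confirm which identity (appid/oid) the client actually authenticated as and that no role assignment covers the decrypt action at that key's scope. The sample body is constructed with placeholder identifiers in place of the masked values.

```python
import json
import re

# Constructed sample modelled on the 403 body in the issue; every identifier
# is a placeholder, not a real tenant, app, subscription or vault.
SAMPLE_403_BODY = json.dumps({
    "error": {
        "code": "Forbidden",
        "message": (
            "Caller is not authorized to perform action on resource.\r\n"
            "If role assignments, deny assignments or role definitions were "
            "changed recently, please observe propagation time.\r\n"
            "Caller: appid=APPID-PLACEHOLDER;oid=OID-PLACEHOLDER;"
            "iss=https://sts.windows.net/TENANT-PLACEHOLDER/\r\n"
            "Action: 'Microsoft.KeyVault/vaults/keys/decrypt/action'\r\n"
            "Resource: '/subscriptions/SUB/resourcegroups/RG/providers/"
            "microsoft.keyvault/vaults/VAULT/keys/sops-aks-saas-key'\r\n"
            "Assignment: (not found)\r\nDenyAssignmentId: null\r\n"
            "DecisionReason: null \r\nVault: VAULT;location=REGION\r\n"
        ),
        "innererror": {"code": "ForbiddenByRbac"},
    }
})

FIELD_RE = re.compile(
    r"^(Caller|Action|Resource|Assignment|DenyAssignmentId|DecisionReason|Vault):\s*(.*?)\s*$")


def parse_keyvault_403(body: str) -> dict:
    """Flatten the Key Vault RBAC 403 body into the fields needed for triage."""
    err = json.loads(body)["error"]
    fields = {"code": err["code"], "inner": err.get("innererror", {}).get("code")}
    for line in err["message"].split("\r\n"):  # lines after the preamble are "Name: value"
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2).strip("'")
    # Caller is "appid=...;oid=...;iss=..."; split it so the oid is directly usable.
    raw_caller = fields.get("caller", "")
    fields["caller"] = dict(kv.split("=", 1) for kv in raw_caller.split(";") if "=" in kv)
    return fields


def triage(fields: dict) -> str:
    """State what to verify, using only what the response itself says."""
    if fields["inner"] == "ForbiddenByRbac" and fields.get("assignment") == "(not found)":
        return (f"identity oid={fields['caller'].get('oid')} has no role assignment granting "
                f"{fields['action']} at scope {fields['resource']}")
    if fields.get("denyassignmentid") not in (None, "null"):
        return f"deny assignment {fields['denyassignmentid']} blocks {fields['action']}"
    return "forbidden for another reason; check the role definition and propagation time"
```

Compare the reported oid against the identity you expect sops to use (for example `az account show` versus the service principal) and list role assignments for that oid at the vault and key scope.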
