Share via

Azure platform: Can't Call API Key for Speech service in Google sheets.

Contentcreator1 0 Reputation points
2025-02-17T19:39:27.79+00:00

Hi I'm new to azure and I can't call my Azure Speech service (Text to speech) API key in google sheets that's stored in my Key Vault secrets (for The Speech Service.). Can anyone help me?

So far I've:

Created a Resource Group.

Added a Key Vault to the resource group and selected "Selected networks" and "allow trusted Microsoft services to bypass the firewall" and under key vault Networking I set "allow access from: allow public access from specific virtual networks and ip addresses" and added my own IP address to the firewall (Not sure if I should have chosen public acces from all networks?)

Added a speech Service to the resource group

Added the API Key for the Speech Service to the Key Vault secrets

I assigned myself as Key Vault Administrator and added IP address to the Key Vault firewall

Under Microsoft Entra ID I registered an App so the Key Vault can Authenticate the API key

Inside Key Vault i select  Access Control (IAM)  and Add role assignment and assign my app registration the “Key Vault Secret User” role.

Insde the App > API permissions i only se User.Read and i cannot create Azure Key Vault - Secrets.Read. Maybe because it's a free account?

Can anyone help me?

Azure AI Speech
Azure AI Speech
An Azure service that integrates speech processing into apps and services.
1,924 questions
Azure AI services
Azure AI services
A group of Azure services, SDKs, and APIs designed to make apps more intelligent, engaging, and discoverable.
3,159 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Manas Mohanty 745 Reputation points Microsoft Vendor
    2025-02-19T18:21:45.4466667+00:00

    Hi Contentcreator1

    Approach seems to be correct considering fact that you have added already "added my own public IP address to the firewall" and given the required permission "key vault secret user" to app registration .

    You will only need to use the client id, secret id and tenant id to get access token to authenticate and get the key vault secret. Setting up Api permission won't be needed.

    As part of debugging, you can test below code from vs code with python SDK on accessibility. (Repro'd with a public resource though)

    
import requests


def get_access_token(tenant_id, client_id, client_secret):
    url = f'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token'
    payload = {
        'grant_type': 'client_credentials',
        'client_id': client_id,
        'client_secret': client_secret,
        'scope': 'https://vault.azure.net/.default'
    }
    response = requests.post(url, data=payload)
    response.raise_for_status()
    return response.json().get('access_token')


def get_secret(vault_name, secret_name, access_token):
    url = f'https://{vault_name}.vault.azure.net/secrets/{secret_name}?api-version=7.0'
    headers = {
        'Authorization': f'Bearer {access_token}'
    }
    response = requests.get(url, headers=headers)
    response.raise_for_status()
    return response.json().get('value')
    
def main():
    
    tenant_id = "<tenantid>"
    client_id = "<clientid"
    client_secret = "<clientsecret>" 
    vault_name = '<keyvault name>'
    secret_name = '<secretname>'

    # Get access token
    access_token = get_access_token(tenant_id, client_id, client_secret)

    # Fetch secret from Key Vault
    secret_value = get_secret(vault_name, secret_name, access_token)
    
    print(f'The secret value is: {secret_value}')

if __name__ == '__main__':
    main()

    Please share error trace if you are still facing issue.

    Reference

    APP registration

    On adding identity

    KeyVault networking

    Please upvote my answer and say "yes" if it helped.

    Thank you.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.