Connection is not an approved private link; connecting acr cache credential set to keyvault with private endpoint

Question

Hi,

I'm trying to bicep cache rules for docker.io and they require a credentialset. I managed to create a credentialset for my acr but I get the following error when it tries to get the credentials from my private keyvault:

"errorCode": "Forbidden",
"errorMessage": "Connection is not an approved private link and caller was ignored because bypass is not set to 'AzureServices' and PublicNetworkAccess is set to 'Disabled'. \r\nVault: 

Answer 1

Hi @Maxim de Bie

Thank you for reaching us!

I understand that when you are tries to get the credentials from key vault you are getting below error message
"Connection is not an approved private link and caller was ignored because bypass is not set to 'AzureServices' and PublicNetworkAccess is set to 'Disabled'

This error occurs when public access to Key Vault is disabled and the option to 'Allow trusted Microsoft services to bypass this firewall' is unchecked, as shown below.

And the service or device you are accessing this KeyVault from is not using the allowed private IP.

To address the issue, navigate to your keyvault in azure portal choose networking blade and choose Allow public access from specific virtual networks and IP addresses and include your device's IP address in that list to resolve the problem.

Also, if you are trying to access the vault through a Trusted Microsoft service, then configure the settings to 'Allow trusted Microsoft services to bypass this firewall'.

*
Please do correct me if this is not the case by responding in the comments section also do share the screenshot to validate the error generating step.*

Hope this helps. Please do let me know if you any further queries, by responding in the comments section.

Thanks,

Akhilesh.

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.