Azure Key Vault - Cannot get the access policies information by Azure PowerShell

cchrischeung 20 Reputation points
2024-11-01T06:50:21.72+00:00

Hi All,

I’m working on enabling Azure Key Vault backup. I need to gather secrets, keys, certificates, and access policies, then save them to a storage account. However, I’ve encountered an issue where the Azure Key Vault cannot retrieve the access policies information, even though I have Key Vault Administrator permissions.

This problem doesn't occur in other key vaults I’ve tested. I would like to know if there is an issue with my PowerShell script or a misconfiguration in the key vault. Please check my test information below.

My Key Vault 1:
key01

key012

My Key Vault 2:
key02

key021

My PowerShell Script for this case:

$keyvaultname = ""
$keyVaultAccessPolicies = Get-AzKeyVault -VaultName $keyvaultname

Write-Output $keyVaultAccessPolicies.AccessPolicies

My test result:

PS C:\Users\azureadmin> $keyVaultAccessPolicies = Get-AzKeyVault -VaultName kv-eas-kvauto-01
PS C:\Users\azureadmin> Write-Output $keyVaultAccessPolicies.AccessPolicies
Tenant ID                                  : xxxxx-xxxxx-xxxxx-xxxxxx-xxxxxxxx
Object ID                                  : xxxxx-xxxxxx-xxxxxxx-xxxxxx-xxxxxxx
Application ID                             : 
Display Name                               : xxxxxxxxxxxxxx
Permissions to Keys                        : {Get, List, Update, Create...}
Permissions to Secrets                     : {Get, List, Set, Delete...}
Permissions to Certificates                : {Get, List, Update, Create...}
Permissions to (Key Vault Managed) Storage : {}
PS C:\Users\azureadmin> $keyVaultAccessPolicies = Get-AzKeyVault -VaultName kv-eas-kvauto-02
PS C:\Users\azureadmin> Write-Output $keyVaultAccessPolicies.AccessPolicies

Accepted answer
  1. TP 97,996 Reputation points
    2024-11-01T07:14:01.99+00:00

    Hi,

    Vault "kv-eas-kvauto-02" likely doesn't have any access policies; that is why it is returning null for AccessPolicies. To check this, navigate to kv-eas-kvauto-02 in the portal, Settings > Access configuration blade, select Vault access policy, click Apply. Press F5 to refresh the page, then click on the Access policies blade.

    After confirming, switch the key vault back to Azure RBAC mode.

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP

    1 person found this answer helpful.
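
For the backup scenario in the question, the permission model can be read from the vault object instead of toggling it in the portal. The script below is an added example, not code from the question or the answer: it records which model each vault uses and exports role assignments for vaults in Azure RBAC mode. The function name `Get-KeyVaultAuthorizationBackup` and the output file names are assumptions; the vault names are the two from the question.

```powershell
# Added example. Requires the Az.KeyVault and Az.Resources modules and an
# authenticated session (Connect-AzAccount) with read access to the vaults.
function Get-KeyVaultAuthorizationBackup {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VaultName
    )

    $vault = Get-AzKeyVault -VaultName $VaultName -ErrorAction Stop
    if (-not $vault) { throw "Key vault '$VaultName' was not found in the current subscription." }

    # Access policies are exported in both modes; the list may be empty.
    $policies = @($vault.AccessPolicies | Select-Object TenantId, ObjectId, ApplicationId,
        DisplayName, PermissionsToKeys, PermissionsToSecrets,
        PermissionsToCertificates, PermissionsToStorage)

    $roles = @()
    if ($vault.EnableRbacAuthorization) {
        # Azure RBAC mode: data-plane access is granted by role assignments,
        # not by vault access policies, so these are what a backup must capture.
        # The Scope column shows where each assignment was made.
        $roles = @(Get-AzRoleAssignment -Scope $vault.ResourceId |
            Select-Object DisplayName, ObjectId, ObjectType, RoleDefinitionName, Scope)
        $model = 'AzureRBAC'
    }
    else {
        $model = 'VaultAccessPolicy'
    }

    [pscustomobject]@{
        VaultName       = $vault.VaultName
        ResourceId      = $vault.ResourceId
        PermissionModel = $model
        AccessPolicies  = $policies
        RoleAssignments = $roles
    }
}

foreach ($name in 'kv-eas-kvauto-01', 'kv-eas-kvauto-02') {
    $backup = Get-KeyVaultAuthorizationBackup -VaultName $name
    if ($backup.AccessPolicies.Count -eq 0 -and $backup.RoleAssignments.Count -eq 0) {
        Write-Warning "$name ($($backup.PermissionModel)): nothing to export."
    }
    # Output path is a placeholder; point it at the backup location in use.
    $backup | ConvertTo-Json -Depth 5 |
        Set-Content -Path ".\$name-authorization.json" -Encoding utf8
}
```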

0 additional answers
