I have a new Azure account and want to use the Free Trial subscription. I created a DevOps organization and project. I want to create a new variable group and import a key vault. However, I am not able to do so; also, I do not have access to Azure Active Directory.

San 0 Reputation points
2024-11-18T20:34:35.4266667+00:00

Context:

  • We are creating a Variable Group in the Azure Pipeline Library that connects to an Azure Key Vault.
  • The Azure Key Vault is configured to use Azure RBAC instead of the legacy Access Policy model.

Error Encountered:

  • The pipeline displays the following error:
    The specified Azure service connection needs to have "Get, List" secret management permissions on the selected key vault. Click "Authorize" to enable Azure Pipelines to set these permissions or manage secret permissions in the Azure portal.

Observed Issues:

  • The Authorize button in Azure DevOps does not appear to grant the required RBAC permissions automatically.
  • The Key Vault's Access policies section is disabled (indicating that Azure RBAC is enabled).
  • The service connection in Azure DevOps does not have the required "Get" and "List" permissions for accessing secrets in the Key Vault, even after assigning the Key Vault Secrets User role to the associated service principal or managed identity.

Steps Taken to Resolve:

  • Verified that the Azure service connection uses a valid service principal or managed identity.
  • Assigned the Key Vault Secrets User role to the service principal/managed identity in the Key Vault's Access Control (IAM) section.

Expected Behavior:

  • Azure DevOps should successfully connect to the Key Vault and retrieve secrets when the service principal or managed identity has the appropriate RBAC role assigned.

Request for Support:

  • Assistance in debugging why the Azure RBAC permissions are not allowing Azure DevOps to access the Key Vault secrets.
  • Guidance on resolving the pipeline's inability to recognize RBAC-based access configurations for the Key Vault.
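An offline check of the setup described in the question, as an added example that is not part of the original post: given role assignments in the shape of parsed `az role assignment list` output, it reports which of the "Get"/"List" permissions a principal lacks at the vault's scope. The IDs, vault name and sample assignments are constructed, and the mapping of "Get"/"List" to RBAC data actions is an assumption.

```python
# Assumption: the access-policy permissions "Get" and "List" correspond to these
# RBAC data actions, both included in the built-in Key Vault Secrets User role.
NEEDED = {
    "Get": "Microsoft.KeyVault/vaults/secrets/getSecret/action",
    "List": "Microsoft.KeyVault/vaults/secrets/readMetadata/action",
}
# Data actions per role name; Reader is control-plane only, so it grants none.
# Roles not listed here are treated as granting nothing.
ROLE_DATA_ACTIONS = {
    "Key Vault Secrets User": set(NEEDED.values()),
    "Reader": set(),
}

def covers(scope, resource_id):
    """True if an assignment made at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.lower()
    return r == s or r.startswith(s + "/")

def missing_permissions(assignments, principal_id, vault_id):
    """Return the names in NEEDED that the principal lacks at vault scope."""
    granted = set()
    for a in assignments:
        if a["principalId"].lower() != principal_id.lower():
            continue  # assigned to some other identity
        if covers(a["scope"], vault_id):
            granted |= ROLE_DATA_ACTIONS.get(a["roleDefinitionName"], set())
    return sorted(n for n, action in NEEDED.items() if action not in granted)

# Constructed sample data (placeholder IDs, not from the original post).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-example"
VAULT = RG + "/providers/Microsoft.KeyVault/vaults/kv-example"
SP = "11111111-1111-1111-1111-111111111111"     # service connection's principal
OTHER = "22222222-2222-2222-2222-222222222222"  # a different identity
ASSIGNMENTS = [
    {"principalId": SP, "roleDefinitionName": "Reader", "scope": RG},
    {"principalId": SP, "roleDefinitionName": "Key Vault Secrets User",
     "scope": VAULT + "/secrets/db-password"},  # narrower than the vault
    {"principalId": OTHER, "roleDefinitionName": "Key Vault Secrets User",
     "scope": VAULT},
]
AT_VAULT = {"principalId": SP, "roleDefinitionName": "Key Vault Secrets User",
            "scope": VAULT}

if __name__ == "__main__":
    print("before:", missing_permissions(ASSIGNMENTS, SP, VAULT))
    print("after: ", missing_permissions(ASSIGNMENTS + [AT_VAULT], SP, VAULT))
```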