Running into below issue while using azure keyvault for autounseal.
Vault is running on onprem k8s cluster. Version: 1.9.3
Error parsing Seal configuration: error fetching Azure Key Vault wrapper key information: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://azkeyvault.privatelink.vaultcore.azure.net/keys/vault-unseal-key/?api-version=7.0: StatusCode=400 – Original Error: adal: Refresh request failed. Status Code = ‘400’. Response body: {“error”:“invalid_resource”,“error_description”:“AADSTS500011: The resource principal named https://privatelink.vaultcore.azure.net was not found in the tenant named xxx. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: 966a87d0-339c-436b-b146-3ea603221400\r\nCorrelation ID: 33b87d14-d409-4978-9768-a430997abcaf\r\nTimestamp: 2022-10-14 17:47:48Z”,“error_codes”:[500011],“timestamp”:“2022-10-14 17:47:48Z”,“trace_id”:“966a87d0-339c-436b-b146-3ea603221400”,“correlation_id”:“33b87d14-d409-4978-9768-a430997abcaf”,“error_uri”:“https://login.microsoftonline.com/error?code=500011”} Endpoint https://login.microsoftonline.com//oauth2/token?api-version=1.0
Below is the helm chart block
extraEnvironmentVars:
VAULT_SEAL_TYPE: azurekeyvault
seal "azurekeyvault" {
tenant_id = "e33..."
client_id = "d2.."
client_secret = "1234"
vault_name = "azkeyvault"
key_name = "vault-unseal-key"
resource = "privatelink.vaultcore.azure.net"
I’m able to hit the privatelink endpoint which is there in the error using the same SP credentials via postman.