Not able to Create a Secret in KeyVault
Hi all,
I am a student at Indiana University and I have a college Azure Subscription and a Personal Subscription. I am able to create a Resource Group and a Key Vault, but when I try to create a secret under a vault, I get the error below about role assignments.
Error: "The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective."
Would someone be able to help, thanks in advance!
Dhruv Mudaliar
-
Sridevi Machavarapu 33,305 Reputation points • Microsoft External Staff • Moderator
Hello Dhruv Mudaliar,
This error usually indicates that your user account does not currently have the required Azure RBAC permissions to perform secret operations in the Key Vault.
Please verify the following:
- Go to the Key Vault in the Azure portal.
- Open Access control (IAM).
- Check whether your user account has one of these roles assigned:
  - Key Vault Administrator
  - Key Vault Secrets Officer
  - Key Vault Contributor
If RBAC was recently assigned, allow a few minutes for propagation and then try again.
Since this is a college subscription, there may also be restrictions enforced by your university administrator that prevent assigning elevated roles.
Also note:
- "Key Vault Contributor" lets you manage the vault itself but does not allow creating or managing secrets.
- "Key Vault Secrets Officer" or "Key Vault Administrator" is typically required to create secrets.
Hope this helps.
-
Sridevi Machavarapu 33,305 Reputation points • Microsoft External Staff • Moderator
Hello Dhruv Mudaliar,
Please confirm if you have further queries on this!
1 answer
-
Hi Dhruv,
You need to add a role assignment on your key vault for the Key Vault Secrets Officer role for your user account. To do this, navigate to your key vault in the Azure portal. On the left menu, click Access control (IAM), then click Add > Add role assignment. Search for and select Key Vault Secrets Officer, click Next, click Select members, search for and select your user account, click Next, click Review + assign.
Wait a minute or two for the change to take effect, then try to create the secret.
Azure built-in roles for Key Vault data plane operations
Please click Accept Answer and upvote if the above was helpful.
Thanks.
-TP
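The role distinction discussed in this thread (managing the vault versus creating secrets in it), as an added example that is not part of the original posts or any Microsoft code: a small Python model of how Azure RBAC checks a role's Actions for management operations and its DataActions for secret operations. The permission lists are abridged from the Azure built-in roles reference, Owner is included for comparison, and the function names are hypothetical.

```python
import re

# Abridged built-in role permissions (assumption: taken from the Azure built-in
# roles reference; confirm with `az role definition list --name "<role>"`).
ROLES = {
    "Owner": {"actions": ["*"], "notActions": [],
              "dataActions": [], "notDataActions": []},
    "Key Vault Contributor": {
        "actions": ["Microsoft.KeyVault/*"],
        "notActions": ["Microsoft.KeyVault/locations/deletedVaults/purge/action"],
        "dataActions": [], "notDataActions": []},
    "Key Vault Secrets Officer": {
        "actions": ["Microsoft.KeyVault/vaults/*/read"], "notActions": [],
        "dataActions": ["Microsoft.KeyVault/vaults/secrets/*"], "notDataActions": []},
    "Key Vault Administrator": {
        "actions": ["Microsoft.KeyVault/vaults/*/read"], "notActions": [],
        "dataActions": ["Microsoft.KeyVault/vaults/*"], "notDataActions": []},
}

CREATE_VAULT = "Microsoft.KeyVault/vaults/write"                    # management plane
SET_SECRET = "Microsoft.KeyVault/vaults/secrets/setSecret/action"   # data plane


def matches(pattern, operation):
    """Azure RBAC wildcard match: '*' spans any characters, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def role_allows(role, operation, data_plane):
    """True if one role grants the operation and does not exclude it."""
    allow, deny = (("dataActions", "notDataActions") if data_plane
                   else ("actions", "notActions"))
    definition = ROLES[role]
    granted = any(matches(p, operation) for p in definition[allow])
    excluded = any(matches(p, operation) for p in definition[deny])
    return granted and not excluded


def can(assigned_roles, operation, data_plane):
    """Role assignments are additive: any one role granting access is enough."""
    return any(role_allows(r, operation, data_plane) for r in assigned_roles)


if __name__ == "__main__":
    for role in ROLES:
        print(f"{role:27} create vault: {can([role], CREATE_VAULT, False)!s:5} "
              f"set secret: {can([role], SET_SECRET, True)}")
```

The model applies to vaults that use the Azure RBAC permission model, which is the case the error message in the question refers to.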
