I’m following this tutorial on how to generate elliptic curve keys in Python: azure.keyvault.keys package — Azure SDK for Python 2.0.0 documentation (windows.net)
This is the current python code that I have executed:
```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.keys import KeyClient

credential = DefaultAzureCredential()
key_client = KeyClient(vault_url="https://mykv.vault.azure.net/", credential=credential)

# Create an elliptic curve key
ec_key = key_client.create_ec_key("test-ec-key", curve="P-256")
print(ec_key.name)
print(ec_key.key_type)
```
But I’m having some trouble with the code, as it keeps failing with the same error message:
```
azure.core.exceptions.HttpResponseError: (Forbidden) Caller is not authorized to perform action on resource.
If role assignments, deny assignments or role definitions were changed recently, please observe propagation time.
Caller: appid=d5f43625-e0e3-4e27-a63d-477f9e91cb5c;oid=890cda89-b200-41a9-8453-454cd42698eb;iss=https://sts.windows.net/47ed4b29-d620-4166-975b-81fdce3d3875/
Action: 'Microsoft.KeyVault/vaults/keys/create/action'
Resource: '/subscriptions/db002e19-6b8e-4b1b-a70d-a430eb7b5acf/resourcegroups/test_rg/providers/microsoft.keyvault/vaults/mykv/keys/test-ec-key'
Assignment: (not found)
DenyAssignmentId: null
DecisionReason: 'DeniedWithNoValidRBAC'
Vault: mykv;location=eastus
Inner error: {
    "code": "ForbiddenByRbac"
}
```
Do you have any idea what’s wrong? I’ve tried to fix it but nothing seems to work. Maybe you can take a look and help me out? Thanks!
Could you check and confirm what authentication the key vault has in the Access configuration tab? RBAC or vault access policy?
@Sridevi You mean this i.imgur.com/G4Lbv39.png
Yes, you are using RBAC as key vault authentication. To create keys, you need to have at least the “Key Vault Crypto Officer” role under the key vault. Try assigning that role if it is not assigned yet.
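An added example, not part of the thread or the Azure SDK: it parses the `ForbiddenByRbac` message from the question and builds the `az role assignment create` command for the role named in the answer, scoped to the vault rather than the subscription. The function names and the action-to-role table are assumptions of this example.

```python
import re
import shlex

# Error text from the question above, with typographic quotes normalized.
SAMPLE_ERROR = """(Forbidden) Caller is not authorized to perform action on resource.
Caller: appid=d5f43625-e0e3-4e27-a63d-477f9e91cb5c;oid=890cda89-b200-41a9-8453-454cd42698eb;iss=https://sts.windows.net/47ed4b29-d620-4166-975b-81fdce3d3875/
Action: 'Microsoft.KeyVault/vaults/keys/create/action'
Resource: '/subscriptions/db002e19-6b8e-4b1b-a70d-a430eb7b5acf/resourcegroups/test_rg/providers/microsoft.keyvault/vaults/mykv/keys/test-ec-key'
Assignment: (not found)
DenyAssignmentId: null
DecisionReason: 'DeniedWithNoValidRBAC'
"""

# Role named in the answer above for key creation (assumed table; extend as needed).
ROLE_FOR_ACTION_PREFIX = {"microsoft.keyvault/vaults/keys/": "Key Vault Crypto Officer"}
VAULT_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourcegroups/[^/]+/providers/microsoft\.keyvault/vaults/[^/]+",
    re.IGNORECASE,
)

def parse_rbac_denial(message):
    """Return the labelled fields of a ForbiddenByRbac message as a dict."""
    wanted = ("Caller", "Action", "Resource", "DenyAssignmentId", "DecisionReason")
    fields = {}
    for line in message.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key in wanted:
            fields[key] = value.strip().strip("'\u2018\u2019")
    # Caller is a ';'-separated list of claim=value pairs (appid, oid, iss).
    pairs = (p.split("=", 1) for p in fields.get("Caller", "").split(";") if "=" in p)
    fields["Caller"] = dict(pairs)
    return fields

def suggest_role_assignment(message):
    """Build an az CLI command scoped to the vault, or None if a role grant is not the fix."""
    f = parse_rbac_denial(message)
    # A deny assignment or a different decision is not solved by adding a role.
    if f.get("DecisionReason") != "DeniedWithNoValidRBAC" or f.get("DenyAssignmentId") != "null":
        return None
    scope = VAULT_SCOPE.match(f.get("Resource", ""))
    oid = f["Caller"].get("oid")
    action = f.get("Action", "").lower()
    role = next((r for p, r in ROLE_FOR_ACTION_PREFIX.items() if action.startswith(p)), None)
    if not (scope and oid and role):
        return None
    return shlex.join(["az", "role", "assignment", "create", "--assignee-object-id", oid,
                       "--role", role, "--scope", scope.group(0)])
```

Calling `suggest_role_assignment(SAMPLE_ERROR)` returns the command for the caller's `oid`; as the error text notes, a new assignment can take time to propagate before the retry succeeds.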