How to encrypt file using sops using a key stored in Azure Vault in China

I’m trying to implement the sops tool in order to manage secrets in my terraform code.
I already installed sops successfully, and executed the following commands:

az cloud set --name AzureChinaCloud
az login 
az account set ###-###-###-#### (subscription id)

I also created an environment variable: AZURE_ENVIRONMENT="azurechinacloud"
When I execute the command to encrypt a file using sops:

sops --encrypt --azure-kv https://[KEY_VAULT].vault.azure.cn/keys/[KEY]/[KEY_ID] secrets.yaml > secrets.enc.yaml

This command returns the following:

[AZKV] time="2024-01-09T17:01:01Z" level=error msg="Failed to create
Azure authorizer" error="Invoking Azure CLI failed with the following
error: ERROR: AADSTS500011: The resource principal named
https://vault.azure.net was not found in the tenant named ****. This
can happen if the application has not been installed by the
administrator of the tenant or consented to by any user in the
tenant. You might have sent your authentication request to the wrong
tenant. Trace ID: ***** Correlation ID: **** Timestamp: 2024-01-09
17:01:00Z\r\nInteractive authentication is needed. Please run:\r\naz
login --scope https://vault.azure.net/.default\r\n" Could not generate
data key: [failed to encrypt new data key with master key
"https://[KEY_VAULT].vault.azure.cn/keys/[KEY]/[KEY_ID]": Invoking
Azure CLI failed with the following error: ERROR: AADSTS500011: The
resource principal named https://vault.azure.net was not found in the
tenant named *****. This can happen if the application has not been
installed by the administrator of the tenant or consented to by any
user in the tenant. You might have sent your authentication request to
the wrong tenant. Trace ID: *** 4 Correlation ID: ***** Timestamp:
2024-01-09 17:01:00Z Interactive authentication is needed. Please run:
az login --scope https://vault.azure.net/.default ]

My user has the needed permissions in order to use the keys in my key vault.

Does anyone know why this is happening?
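
The error above names https://vault.azure.net as the token resource, while the key URL is under vault.azure.cn. The following shell script is an added example (not part of the original post and not sops code) that compares the two values; the function names and sample vault/key values are constructed, and it assumes the token audience is the vault host with the vault name removed.

```shell
#!/bin/sh
# Added diagnostic example: compare the cloud implied by a Key Vault key URL
# with the token resource named in an AADSTS500011 error message.

# Print the token resource (audience) implied by a Key Vault key URL,
# e.g. https://myvault.vault.azure.cn/keys/k/v -> https://vault.azure.cn
# Assumption: audience = vault host minus its first DNS label (the vault name).
vault_resource() {
    host=$(printf '%s\n' "$1" | sed -n 's#^https://\([^/]*\)/keys/.*#\1#p')
    [ -n "$host" ] || return 1
    printf 'https://%s\n' "${host#*.}"
}

# Print the resource that the AADSTS500011 message reports as not found.
requested_resource() {
    printf '%s\n' "$1" |
        sed -n 's#.*AADSTS500011: The resource principal named \(https://[^ ]*\) was not found.*#\1#p' |
        head -n 1
}

# Return 0 when both audiences agree, 1 on mismatch, 2 on unparseable input.
check_audience() {
    want=$(vault_resource "$1") || { echo "unparseable key URL"; return 2; }
    got=$(requested_resource "$2")
    [ -n "$got" ] || { echo "no AADSTS500011 resource in log"; return 2; }
    if [ "$want" = "$got" ]; then
        echo "match: $want"
    else
        echo "mismatch: token requested for $got, vault expects $want"
        return 1
    fi
}

# Constructed sample input modelled on the post (vault and key names are placeholders).
SAMPLE_URL='https://examplevault.vault.azure.cn/keys/examplekey/0123456789abcdef'
SAMPLE_LOG='ERROR: AADSTS500011: The resource principal named https://vault.azure.net was not found in the tenant named example.'

check_audience "$SAMPLE_URL" "$SAMPLE_LOG" || true
```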

