Friday, February 12, 2021

When enabledForTemplateDeployment is true, networkAcls.bypass must include "AzureServices"

Working on Private Endpoint implementation for KeyVault, for that I enabled Private Endpoint  and access is allowed to only selected networks. And no exceptions (no one can bypass the rule)

key vault private end point


After doing that I was trying to add a Secret in a Key Vault but was notified with following error

"When enabledForTemplateDeployment is true, networkAcls.bypass must include "AzureServices""


Error while adding secret in Key Vault



Why it happened

 
So seeing the error I verified and confirmed that enabledForTemplateDeployment is true

enabled for Template deployment key vault


But this 
Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault  thus this is not why the error was popped.
                     
The other part of error says that network access control is enabled.

networkAcls.bypass - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'.

But as I have selected No in exceptions, no azure services can access Key Vault (cannot bypass the firewall).

What to do


The KeyVault in which I was tying to add secret has Private Endpoint enabled and access is allowed to only selected networks.

Thus I need to be inside that network to access Key Vault, for that I logged in to one of the Virtual Machine which is part of this Virtual Network, login to portal from the VM  and that's it - was able to add secret.








No comments:

Post a Comment

If you have any suggestions or questions or want to share something then please drop a comment