2020-12-01 17:43

Key Vault: List key vault fails if a key vault has 'secret backup' permissions

$ az keyvault list --resource-group demo9311
u'backup' is not valid value for enum <enum>

There is one key vault in this list, that has 'secret backup' permissions. See output from PowerShell for this key vault (yes, the RG name and vault name are same). Since keyvault CLI component doesn't know about 'backup' permissions for secrets, my guess is the above command is failing.

PS C:\> Get-AzureRmKeyVault -ResourceGroupName demo9311 -VaultName demo9311

Vault Name                       : demo9311
Resource Group Name              : demo9311
Location                         : westus
Resource ID                      : /subscriptions/XXXXXXXXXXXXXXXXX/resourceGroups/demo9311/provider
Vault URI                        : https://demo9311.vault.azure.net/
Tenant ID                        : XXXXXXXXXXXXXXXXXXXXXXXXX7
SKU                              : Standard
Enabled For Deployment?          : False
Enabled For Template Deployment? : False
Enabled For Disk Encryption?     : False
Soft Delete Enabled?             : True
Access Policies                  :
                                   Tenant ID                   : XXXXXXXXXXXXXXXXXXXXXXXXXXXX47
                                   Object ID                   : XXXXXXXXXXXXXXXXXXXXXXXXXXXXd1
                                   Application ID              :
                                   Display Name                :
                                   Permissions to Keys         : All
                                   Permissions to Secrets      : All
                                   Permissions to Certificates : All

                                   Tenant ID                   : XXXXXXXXXXXXXXXXXXXXXXX47
                                   Object ID                   : XXXXXXXXXXXXXXXXXXXXXXX1f
                                   Application ID              :
                                   Display Name                : XXXXXX XXXXX (XXXXXXX.com)
                                   Permissions to Keys         : all
                                   Permissions to Secrets      : backup
                                   Permissions to Certificates :

                                   Tenant ID                   : XXXXXXXXXXXXXXXXXXXXXXXXXX47
                                   Object ID                   : XXXXXXXXXXXXXXXXXXXXXXXXXX80
                                   Application ID              :
                                   Display Name                : XXXXXXX XXXXX (XXXXXXXX.com)
                                   Permissions to Keys         : Backup, Create, Delete, Get, Import, List, Restore,
                                   Permissions to Secrets      : backup, restore, get, set
                                   Permissions to Certificates : all

Tags                             :


  • 点赞
  • 回答
  • 收藏
  • 复制链接分享