I'm following this tutorial on how to generate elliptic curve keys in Python: azure.keyvault.keys package — Azure SDK for Python 2.0.0 documentation (windows.net)
This is the current Python code that I have executed:
```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.keys import KeyClient

credential = DefaultAzureCredential()
key_client = KeyClient(vault_url="https://mykv.vault.azure.net/", credential=credential)

# Create an elliptic curve key
ec_key = key_client.create_ec_key("test-ec-key", curve="P-256")
print(ec_key.name)
print(ec_key.key_type)
```
But I'm having some trouble with the code, as it keeps failing with the same error message:
```
azure.core.exceptions.HttpResponseError: (Forbidden) Caller is not authorized to perform action on resource.
If role assignments, deny assignments or role definitions were changed recently, please observe propagation time.
Caller: appid=d5f43625-e0e3-4e27-a63d-477f9e91cb5c;oid=890cda89-b200-41a9-8453-454cd42698eb;iss=https://sts.windows.net/47ed4b29-d620-4166-975b-81fdce3d3875/
Action: 'Microsoft.KeyVault/vaults/keys/create/action'
Resource: '/subscriptions/db002e19-6b8e-4b1b-a70d-a430eb7b5acf/resourcegroups/test_rg/providers/microsoft.keyvault/vaults/mykv/keys/test-ec-key'
Assignment: (not found)
DenyAssignmentId: null
DecisionReason: 'DeniedWithNoValidRBAC'
Vault: mykv;location=eastus
Inner error: { "code": "ForbiddenByRbac" }
```
Do you have any idea what's wrong? I've tried to fix it but nothing seems to work. Maybe you can take a look and help me out? Thanks!
Initially, I ran your code without assigning the required role and got the same error, like this:
To resolve the error, you need to assign at least the "Key Vault Crypto Officer" role to the user or service principal under the key vault:
When I ran the same code again now, I got the response successfully like this:
Response:
To confirm that, I checked the same in the Portal, where the key was created successfully, as below:
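The `ForbiddenByRbac` message already names the caller's object ID, the denied data action and the resource, which is everything needed to scope the role assignment. The following is an added example, not code from the original question or answer: it parses that message and builds the matching `az role assignment create` call at vault scope. The function names are hypothetical, and the role's data-action pattern is an assumption to confirm against the role definition.

```python
import re
import shlex
from fnmatch import fnmatchcase

# Error text copied from the question (sample input for this example).
SAMPLE_ERROR = """(Forbidden) Caller is not authorized to perform action on resource.
If role assignments, deny assignments or role definitions were changed recently, please observe propagation time.
Caller: appid=d5f43625-e0e3-4e27-a63d-477f9e91cb5c;oid=890cda89-b200-41a9-8453-454cd42698eb;iss=https://sts.windows.net/47ed4b29-d620-4166-975b-81fdce3d3875/
Action: 'Microsoft.KeyVault/vaults/keys/create/action'
Resource: '/subscriptions/db002e19-6b8e-4b1b-a70d-a430eb7b5acf/resourcegroups/test_rg/providers/microsoft.keyvault/vaults/mykv/keys/test-ec-key'
Assignment: (not found)
DenyAssignmentId: null
DecisionReason: 'DeniedWithNoValidRBAC'
Vault: mykv;location=eastus
Inner error: { "code": "ForbiddenByRbac" }"""

# Assumption: data actions of the built-in role; confirm with
# `az role definition list --name "Key Vault Crypto Officer"`.
ROLE = "Key Vault Crypto Officer"
ROLE_DATA_ACTIONS = ["Microsoft.KeyVault/vaults/keys/*"]

def parse_rbac_denial(message):
    """Extract caller object ID, denied action, vault scope and reason from the error text."""
    fields = {}
    for line in message.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in {"Caller", "Action", "Resource", "DecisionReason"}:
            fields[key.strip()] = value.strip().strip("'")
    caller = dict(p.split("=", 1) for p in fields["Caller"].split(";") if "=" in p)
    # Assign at the vault, not the single key: keep the path up to /vaults/<name>.
    vault_scope = re.match(r"(.*?/vaults/[^/]+)", fields["Resource"], re.IGNORECASE).group(1)
    return {"oid": caller["oid"], "action": fields["Action"],
            "vault_scope": vault_scope, "reason": fields["DecisionReason"]}

def role_covers(action, patterns=ROLE_DATA_ACTIONS):
    """True if the denied action matches one of the role's wildcard data actions."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def assignment_command(denial, role=ROLE):
    """Build the az CLI call that grants the role to the denied caller at vault scope."""
    args = ["az", "role", "assignment", "create", "--role", role,
            "--assignee-object-id", denial["oid"], "--scope", denial["vault_scope"]]
    return " ".join(shlex.quote(a) for a in args)

if __name__ == "__main__":
    d = parse_rbac_denial(SAMPLE_ERROR)
    print(d["reason"], d["action"], "covered by", ROLE, "->", role_covers(d["action"]))
    print(assignment_command(d))
```

Scoping the assignment to the vault resource ID keeps the grant limited to keys in that one vault rather than the resource group or subscription.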