I'm trying to implement the sops tool in order to manage secrets in my Terraform code. I already installed sops successfully, and executed the following commands:
az cloud set --name AzureChinaCloud
az login
az account set ###-###-###-#### (subscription id)
I also created an environment variable: AZURE_ENVIRONMENT="azurechinacloud"
When I execute the command to encrypt a file using sops:
sops --encrypt --azure-kv https://[KEY_VAULT].vault.azure.cn/keys/[KEY]/[KEY_ID] secrets.yaml > secrets.enc.yaml
This command returns the following:
[AZKV] time="2024-01-09T17:01:01Z" level=error msg="Failed to create Azure authorizer" error="Invoking Azure CLI failed with the following error: ERROR: AADSTS500011: The resource principal named https://vault.azure.net was not found in the tenant named ****. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: ***** Correlation ID: **** Timestamp: 2024-01-09 17:01:00Z\r\nInteractive authentication is needed. Please run:\r\naz login --scope https://vault.azure.net/.default\r\n"
Could not generate data key: [failed to encrypt new data key with master key "https://[KEY_VAULT].vault.azure.cn/keys/[KEY]/[KEY_ID]": Invoking Azure CLI failed with the following error: ERROR: AADSTS500011: The resource principal named https://vault.azure.net was not found in the tenant named *****. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: *** 4 Correlation ID: ***** Timestamp: 2024-01-09 17:01:00Z Interactive authentication is needed. Please run: az login --scope https://vault.azure.net/.default ]
My user has the needed permissions in order to use the keys in my key vault.
Does anyone know why this is happening?