When working with the Azure Portal, sometimes the simple tasks can seem difficult to accomplish.
In a recent project I needed to to wire up an Azure Key Vault task to retrieve secrets for a deployment in Azure DevOps.
In order for the deployment to be able to retrieve the Azure Key Vault secrets the service connection needed to be added to the Azure Key Vault Access Policies.
Pretty straight forward … but for the life of me, I could not figure out which Service Principal to add, all I had were names to pull from, which one was my Azure DevOps instance?
In order to figure this out we will want to navigate to the Project Settings in Azure DevOps for the deployment project.
Click Service Connections.
Click the Service Connection you want to give access to Azure Key Vault.
Click Edit.
Click use the full version of the service connection dialog.
Copy the Service principal client ID.
Navigate to the Azure Portal.
Navigate to Azure Active Directory and click App registrations.
Click the All applications tab.
Find the Application (Client) Id that matches the value of the Service principal client ID.
Note the name of the Service Principal, this is the value you will want to search for when assigning an Access Policy in Azure Key Vault.
I realize this is not some earth shattering Azure discovery, but it is something that I forget ever now and then and thought it helpful to capture in a blog post.
Thanks and keep on coding!
Discover more from Matt Ruma
Subscribe to get the latest posts sent to your email.