I am trying to access a Key Vault to retrieve a Secret from Azure Key Vault from a Java application. For my code I followed the directions at the following link, and I also see the same code on other links: http://www.stratogator.com/2017/10/20/how-to-access-secrets-in-azure-key-vault-using-java/
The code requires 4 things: a ClientID and ClientKey, and also a Key Vault URL and the Secret Name.
To get the ClientID and ClientKey I registered an Application in Azure Active Directory. From here I got the Application ID to use as the ClientID. I also created a Key to use as the ClientKey. I copied both of these values carefully. Under Permissions, I also granted this application access to Azure Key Vault. It shows the following checked: "Have full access to the Azure Key Vault service".
I created my Key Vault and also the Secret. I added some Access control (IAM) so that my AD Application would be able to access the Key Vault. I was not sure what to add, so I went overboard, thinking this would cover it. I granted the AD application the following Roles: Owner, Contributor, Key Vault Contributor, and Reader.
However, when I try to retrieve a Secret using the Vault URL and Secret Name, I get the following exception: com.microsoft.azure.keyvault.models.KeyVaultErrorException: Status code 403, {"error":{"code":"Forbidden","message":"Access denied","innererror":{"code":"AccessDenied"}}}
Any idea on what I am doing wrong, or permissions I am missing?