4

I am trying to update a Key Vault secret in Azure through Postman, but I am getting an authorization error. Any suggestions? Is there anything I am missing? Thanks in advance.

{
  "error": {
    "code": "Unauthorized",
    "message": "AKV10022: Invalid audience. Expected https://vault.azure.net, found: https://management.azure.com/."
  }
}

Using the below to update the secret:

PUT https://demokv.vault.azure.net/secrets/secretname?api-version=7.0

in Body:

{
  "value": "mysecretvalue"
}
user47

4 Answers

6

As mentioned in another reply, the audience of your token is not correct. To call the Azure Key Vault REST API (Set Secret), the audience should be https://vault.azure.net.

To get the token, you could use the client credentials flow in Postman.

1. Register an AD app in Azure AD, then get the values for signing in and create a new application secret.

2. Navigate to the Key Vault in the portal and add the service principal of the AD app to the access policies.

In Postman, follow the screenshot below, filling in the properties you got from step 1.

POST https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token

client_id=<client_id>
&scope=https://vault.azure.net/.default
&client_secret=<client_secret>
&grant_type=client_credentials


Then copy the token and use it to call the REST API to set the secret; it will work fine.


Joy Wang
  • Can you please link to where the API scopes (https://vault.azure.net) for Key Vault and other resources are documented? – Vignesh.N Nov 26 '20 at 14:19
4

Also, you can get the token with az account get-access-token --resource "https://vault.azure.net"

to specify the vault resource.

Monse
3

You acquired the access token (Bearer) for the wrong audience,

AKV10022: Invalid audience.
Expected https://vault.azure.net,
Found: https://management.azure.com/.

Acquire a new one for the correct audience and give it another go.

evilSnobu
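The two answers above together describe one workflow: obtain a token from the v2.0 client credentials endpoint with the scope https://vault.azure.net/.default, confirm the token's audience is the vault and not https://management.azure.com/, and only then send the PUT. The following is an added example (not code from the original thread or from Microsoft) that scripts that workflow with the Python standard library instead of Postman. The tenant, client and secret values are placeholders, the vault name is the one from the question, and the audience check decodes the JWT payload without verifying its signature, so it is only a pre-flight sanity check that explains an AKV10022 before the request is sent; Key Vault itself remains the authority on whether the token is accepted.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholders (assumed values, fill in from your own app registration).
TENANT_ID = "<tenant-id>"
CLIENT_ID = "<client_id>"
CLIENT_SECRET = "<client_secret>"
VAULT_URL = "https://demokv.vault.azure.net"   # vault name from the question
KEY_VAULT_AUDIENCE = "https://vault.azure.net"  # audience Key Vault expects


def token_request(tenant_id, client_id, client_secret):
    """Build the v2.0 client-credentials request: (URL, urlencoded form body).

    The v2.0 endpoint takes a scope of '<audience>/.default'; the older
    /oauth2/token endpoint uses a different parameter set, so use v2.0.
    """
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "scope": f"{KEY_VAULT_AUDIENCE}/.default",
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    })
    return url, body


def jwt_claims(token):
    """Decode the JWT payload (base64url, unpadded). No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_ok(token, expected=KEY_VAULT_AUDIENCE):
    """True if the token's 'aud' claim names the Key Vault audience (trailing slash ignored)."""
    aud = jwt_claims(token).get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    return any(a.rstrip("/") == expected.rstrip("/") for a in auds if a)


def get_token(tenant_id=TENANT_ID, client_id=CLIENT_ID, client_secret=CLIENT_SECRET):
    """Perform the client-credentials exchange (network call) and return the access token."""
    url, body = token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(url, data=body.encode(),
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def set_secret(token, vault_url, name, value, api_version="7.0"):
    """PUT {vault}/secrets/{name}?api-version=... with a bearer token (network call).

    Refuses to send a token whose audience is wrong: that is exactly the
    AKV10022 'Invalid audience' rejection from the question.
    """
    if not audience_ok(token):
        raise ValueError(f"token audience {jwt_claims(token).get('aud')!r} is not "
                         f"{KEY_VAULT_AUDIENCE}; Key Vault would answer AKV10022")
    url = f"{vault_url}/secrets/{name}?api-version={api_version}"
    req = urllib.request.Request(url, data=json.dumps({"value": value}).encode(), method="PUT",
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def make_unsigned_test_token(claims):
    """Constructed, unsigned JWT used only to exercise the audience check offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


if __name__ == "__main__":
    # Real run (needs network and valid placeholders): acquire, check, then set the secret.
    tok = get_token()
    print(set_secret(tok, VAULT_URL, "secretname", "mysecretvalue"))
```

If you already have a token from Postman or from az account get-access-token, paste it into audience_ok() first; a token minted with --resource https://management.azure.com/ (or an ARM scope) will fail the check, which is the situation in the question.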
3

My challenge was using the older version of the OAuth API.

Ensure that you're using:

POST https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token

And not:

POST https://login.microsoftonline.com/<tenant-id>/oauth2/token
Jim Lane