I am facing an issue when trying to connect to a VM using bastion. I want to use the SSH key that is stored in a keyvault (only accessible through a private endpoint).
The bastion, the VM and the keyvault are all in the same VNET.
The portal tells me I don't have list access but that is not true (Attached Image).
The private endpoint has a private dns entry and a private IP.
The private dns zone has a VNET-link to the VNET.
Is there something I am missing? Is this not the way to go?
I tried to reproduce the same in my environment I got the same error like below:
This issue occurs if your key vault does not have access policies permission make sure to add access policies like below:
In your keyvault -> Access policies -> create -> try to give permission to all keys
.
Enter the name of the user, app, or service principal in the search field and select the appropriate to access policy and review + create like below:
Now, check the policy is listed which users are added here can be able to access the bastion
Now Bastion is connected successfully like below:
Reference:
Connect to a Windows VM using SSH - Azure Bastion | Microsoft Learn
