Error connecting to keyvault via managed identity

Product: PowerShell Universal
Version: 5.0.6

Hello,

I need help setting up the key vault for secrets in Azure. I tried running the 5.0.6 image in an Azure Container App. In PowerShell Universal all my connection scripts work without any problem. However, it's impossible to connect to the key vault via managed identity from the initialize script.

My initialize.ps1 script

# Import the Az.Accounts and Az.KeyVault modules (Az.KeyVault depends on Az.Accounts)
Import-Module Az.Accounts
Import-Module Az.KeyVault


# found in Subscriptions
$SubscriptionId = 'xxxxxxxxxxxxxxxxxxx'

# found in app registration
$TenantId       = 'xxxxxxxxxxxxxxxx'
$AccountId  = 'xxxxxxxxxxxxxxxxxxxxxx'

# found in your KeyVault
$VaultName      = 'xxxxxxxxxxxxxxxxx'

# connect to Azure
Connect-AzAccount -Subscription $SubscriptionId -TenantId $TenantId -Identity -AccountId $AccountId

# (re)register your secret vault
Register-SecretVault -ModuleName Az.KeyVault -Name AzureKeyVault -VaultParameters @{ 
    AZKVaultName   = $VaultName
    SubscriptionId = $SubscriptionId
} -AllowClobber

My configuration in Azure on the Container App

Below is the error log

[17:00:06 ERR] Exception:
System.ArgumentNullException: Entry point was not found.
Could not find tenant id for provided tenant domain 'c625fb12-05d6-46d1-9549-065d53935f05'. Please ensure that the managed service identity found on this machine has proper permissions to the provided tenant domain.
 ---> System.EntryPointNotFoundException: Entry point was not found.
   at System.Threading.Tasks.Sources.IValueTaskSource`1.GetStatus(Int16 token)
   at Microsoft.Azure.PowerShell.Authenticators.MsalAccessTokenAcquirer.GetAccessTokenAsync(String callerClassName, String parametersLog, TokenCredential tokenCredential, TokenRequestContext requestContext, CancellationToken cancellationToken, String tenantId, String userId, String homeAccountId)
   at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.Authenticate(IAzureAccount account, IAzureEnvironment environment, String tenant, SecureString password, String promptBehavior, Action`1 promptAction, IAzureTokenCache tokenCache, String resourceId)
   at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.AcquireAccessToken(IAzureAccount account, IAzureEnvironment environment, String tenantId, SecureString password, String promptBehavior, Action`1 promptAction, String resourceId)
   at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.Login(IAzureAccount account, IAzureEnvironment environment, String tenantIdOrName, String subscriptionId, String subscriptionName, SecureString password, Boolean skipValidation, IOpenIDConfiguration openIDConfigDoc, Action`1 promptAction, String name, Boolean shouldPopulateContextList, Int32 maxContextPopulation, String authScope, Boolean IsInteractiveContextSelectionEnabled)
   --- End of inner exception stack trace ---
   at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.Login(IAzureAccount account, IAzureEnvironment environment, String tenantIdOrName, String subscriptionId, String subscriptionName, SecureString password, Boolean skipValidation, IOpenIDConfiguration openIDConfigDoc, Action`1 promptAction, String name, Boolean shouldPopulateContextList, Int32 maxContextPopulation, String authScope, Boolean IsInteractiveContextSelectionEnabled)
   at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.<>c__DisplayClass134_2.<ExecuteCmdlet>b__7()
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
   at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
   at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.<>c__DisplayClass134_1.<ExecuteCmdlet>b__1(AzureRmProfile localProfile, RMProfileClient profileClient, String name)
   at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.<>c__DisplayClass150_0.<SetContextWithOverwritePrompt>b__0(AzureRmProfile prof, RMProfileClient client)
   at Microsoft.Azure.Commands.Profile.Common.AzureContextModificationCmdlet.ModifyContext(Action`2 contextAction)
   at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.SetContextWithOverwritePrompt(Action`3 setContextAction)
   at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.ExecuteCmdlet()
   at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()

I’ve run out of ideas, can you help me?

This is an assembly binding issue. I opened an issue for it here: Connect-AzAccount not working in initialize.ps1 · Issue #3747 · ironmansoftware/powershell-universal · GitHub

It’s unclear if the problem is the version of Az or if something in PSU is out of date.

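An added diagnostic, not code from the original post or from PowerShell Universal, that helps separate the two candidates the reply leaves open: whether the managed identity itself is misconfigured or whether Az.Accounts fails to load inside PSU. It calls the Container Apps managed identity endpoint and Key Vault directly over REST with no Az.* modules loaded, decodes the token's claims to see which tenant the identity belongs to, and then attempts a secret read. The vault name, secret name, and user-assigned client ID are placeholders you must fill in; the expected tenant ID is the one quoted in the error log above.

```powershell
# Added diagnostic (not from the original post): talk to the Container Apps managed
# identity endpoint and Key Vault directly over REST, with no Az.* modules loaded, to
# separate "managed identity is misconfigured" from "Az.Accounts fails to load in PSU".
# Assumptions (placeholders): the vault name, secret name and user-assigned client ID.
$VaultName        = 'my-vault'       # assumed placeholder
$SecretName       = 'my-secret'      # assumed placeholder
$ClientId         = $null            # client ID of the user-assigned identity, or $null for system-assigned
$ExpectedTenantId = 'c625fb12-05d6-46d1-9549-065d53935f05'  # tenant quoted in the error log

function Get-ManagedIdentityToken {
    param(
        [Parameter(Mandatory)] [string] $Resource,
        [string] $ClientId
    )
    # Container Apps (like App Service) expose the identity endpoint through env vars
    # and require the X-IDENTITY-HEADER value to prevent SSRF-style token theft.
    $endpoint = $env:IDENTITY_ENDPOINT
    $header   = $env:IDENTITY_HEADER
    if (-not $endpoint -or -not $header) {
        throw 'IDENTITY_ENDPOINT / IDENTITY_HEADER are not set: no managed identity is assigned to this container app, or the process cannot see its environment.'
    }
    $uri = '{0}?api-version=2019-08-01&resource={1}' -f $endpoint, [uri]::EscapeDataString($Resource)
    if ($ClientId) { $uri += '&client_id=' + $ClientId }
    $resp = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ 'X-IDENTITY-HEADER' = $header }
    return $resp.access_token
}

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)] [string] $Token)
    # Decode the payload segment only to inspect claims; this is diagnostics, not signature validation.
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) {
        2 { $payload += '==' }
        3 { $payload += '=' }
    }
    return [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

# 1. Can the container obtain a Key Vault token at all?
$token  = Get-ManagedIdentityToken -Resource 'https://vault.azure.net' -ClientId $ClientId
$claims = ConvertFrom-JwtPayload -Token $token

# 2. Was the token issued by the tenant Connect-AzAccount complained about?
'aud={0} tid={1} appid={2}' -f $claims.aud, $claims.tid, $claims.appid
if ($claims.tid -ne $ExpectedTenantId) {
    Write-Warning "Token tenant $($claims.tid) does not match expected tenant $ExpectedTenantId; the identity belongs to a different tenant."
}

# 3. Does the identity have data-plane access to the vault?
#    (RBAC role 'Key Vault Secrets User', or an access policy granting Get on secrets.)
$secretUri = 'https://{0}.vault.azure.net/secrets/{1}?api-version=7.4' -f $VaultName, $SecretName
try {
    $secret = Invoke-RestMethod -Uri $secretUri -Method Get -Headers @{ Authorization = "Bearer $token" }
    "Secret '{0}' read OK (value length {1})" -f $SecretName, $secret.value.Length
} catch {
    Write-Warning "Key Vault rejected the request: $($_.Exception.Message). Check the vault's RBAC/access policy and network rules."
}
```

Run it from the same container (for example as a PSU script or an interactive session in the image). If step 1 fails, the identity is not assigned or not reachable; if the tenant in step 2 differs from the expected one, the wrong identity is selected; if step 3 fails while 1 and 2 succeed, the problem is vault authorization or networking. If all three succeed, the managed identity is fine and the failure lies in loading Az.Accounts under PowerShell Universal.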