Secret variables in Azure keyvault after V5 installation

Product: PowerShell Universal
Version: 5.0.3

Hello everyone,

Since installing version 5.0.3, my secret variables stored in an Azure keyvault no longer work.

I don’t know if I’ve missed something in my configuration. Everything worked fine in version 4.3.4.

My initialize.ps1 file hasn’t changed:

Import-Module "Az.Accounts"
Import-Module "Az.KeyVault"

$subscription = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$tenant = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$KVaultName = "XXXXXXXXXXXXXXXX"

Connect-AzAccount -Subscription $subscription -TenantId $tenant -ServicePrincipal -ApplicationId $env:AZURE_CLIENT_ID -FederatedToken $(Get-Content  $env:AZURE_FEDERATED_TOKEN_FILE -raw)

Register-SecretVault -ModuleName Az.KeyVault -Name AzureKeyVault -VaultParameters @{ 
    AZKVaultName = $KVaultName
    SubscriptionId = $subscription
} -AllowClobber

I’ve also tried to create a script and then run it directly via jobs and everything is OK (the script doesn’t return any errors).

Below are the error logs I was able to find.

[14:08:13 ERR] Failed to read secret :Your Azure credentials have not been set up or have expired, please run Connect-AzAccount to set up your Azure credentials.
ClientAssertionCredential authentication failed: Entry point was not found.

Thank you in advance for your help

I’ll open an issue for this. This is an assembly conflict. We might need to adjust an assembly version in the PSU service.

To add to this issue, it really seems 5.0.3 broke something in Windows as things do work fine with the 5.0.2 version.
I’ve been working with 5.0.5 on macOS without these issues.

Also, while I don’t have a trial key to test it, it doesn’t seem to be working in 5.2.0 either; the application log throws out the same errors for me.

This will be resolved in 5.2.1. PSU was using an outdated Azure.Identity.Broker assembly, causing this issue with the latest Az.Accounts module.

Do note that a vaults.ps1 file has been added in 5.2.0. It effectively runs around the same time as initialize.ps1 but has the benefit of running while PSU is running. This will allow you to test your secret registration without resetting the service.
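
The reply above attributes the error to an outdated Azure.Identity.Broker assembly in the PSU service conflicting with the latest Az.Accounts module. As an added example (not part of the thread and not PSU's own code), this PowerShell check lists the Azure.Identity*/Microsoft.Identity* assemblies loaded in the current process beside the versions shipped in the installed Az.Accounts module. The name pattern and the choice of the newest installed Az.Accounts are assumptions.

```powershell
# Added diagnostic, not from the thread. Run it in the host process that logs the error;
# a separate pwsh session only shows what Az.Accounts loads on its own.
# Assumption: the name pattern below covers the identity assemblies of interest.
$pattern = '^(Azure\.Identity|Microsoft\.Identity)'

# Assumption: the newest installed Az.Accounts is the one the host imports.
$module = Get-Module -ListAvailable -Name Az.Accounts |
    Sort-Object Version -Descending | Select-Object -First 1
if (-not $module) { throw 'Az.Accounts is not installed for this host.' }

# Collect the versions of matching DLLs shipped inside the module folder.
# The module can carry several copies per name (one per target framework).
$shipped = @{}
Get-ChildItem -Path $module.ModuleBase -Recurse -Filter *.dll |
    Where-Object { $_.BaseName -match $pattern } |
    ForEach-Object {
        $file = $_
        try {
            $version = [System.Reflection.AssemblyName]::GetAssemblyName($file.FullName).Version
        } catch {
            return   # native or unreadable DLL: skip this file
        }
        if (-not $shipped.ContainsKey($file.BaseName)) { $shipped[$file.BaseName] = @() }
        $shipped[$file.BaseName] += $version
    }

# Compare with what this process has actually loaded.
[System.AppDomain]::CurrentDomain.GetAssemblies() |
    Where-Object { $_.GetName().Name -match $pattern } |
    ForEach-Object {
        $name = $_.GetName()
        $expected = if ($shipped.ContainsKey($name.Name)) {
            @($shipped[$name.Name] | Sort-Object -Unique)
        } else { @() }
        [pscustomobject]@{
            Assembly      = $name.Name
            Loaded        = $name.Version
            ShippedWithAz = $expected -join ', '
            LoadedFrom    = $_.Location
            # True when the loaded version is none of the versions Az.Accounts ships.
            Mismatch      = ($expected.Count -gt 0) -and ($expected -notcontains $name.Version)
        }
    } | Sort-Object Assembly | Format-Table -AutoSize -Wrap
```

A row with Mismatch set to True and a LoadedFrom path outside the Az.Accounts folder points at a copy the host loaded before the module could load its own.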

Great! Thanks for the hard work in the platform, I really enjoy using it! Can’t wait to try it!