Not able to import keyvault certificate in Azure function app
I have two Certificates added under my keyvault (it is using Azure role-based access control
permission model).
I need to import any of these certificate under Function app -> TLS/SSL Settings -> Private Key Certificates. For achieving it, I enabled Managed identity under Function app and gave all possible/expected access to my function app.
But even after providing all the required permission, it is throwing error that Azure Function app does not have access to Import certificate from key vault. (Failed to import Key Vault Certificate: /subscriptions/xxxxxxx-xxxxxxx-xxxxxxx/resourceGroups/xxx-xxxxxx-xxxxxxx/providers/Microsoft.KeyVault/vaults/xxxxx-xxxxxxx-xxxxxxxx. Error: The service does not have access to '/subscriptions/xxxxxxxx-xxxxxxxxx-xxxxxxxxxxx/resourcegroups/xxxxx0xxxxxxxx-xxxxxxx/providers/microsoft.keyvault/vaults/xxxxx-xxxxxxx-xxxxxxxx' Key Vault. Please make sure that you have granted necessary permissions to the service to perform the request operation.)
I have tried searching similar issues and solutions on stackoverflow and MSDN, but no luck. Azure Function app and Azure key vault are in same subscription, different resource groups.
Can anyone please give any solution or hint to fix this issue?
Azure Role based access policies does not support Certificate as per MSDN.
So, I had to move to Azure Access Polices based KeyVault. By providing Get/List access to my user, Microsoft Azure App Service and Microsoft.Azure.CertificateRegistration, I have resolved this issue.
- Azure SQL trigger for Functions configuration problem
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How do I Parse FormData containing a audio file in AZ function app in 2025
- Adding custom headers to Azure Functions response
- Azure Queue Trigger is hit but not executing the logic inside of it
- Azure function returns error: No job functions found. Try making your job classes and methods public
- ODBC Driver 18 Not Found in Azure Function Using Python 3.11
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- How to debug ServiceBus-triggered Azure Function locally?
- Get request headers in azure functions NodeJs Http Trigger
- Trouble obtaining access token for managed identity with application role
- How can I ensure that Azure Text-to-Speech properly pronounces word-for-word translations?
- ImportError: Install adlfs to access Azure Datalake Gen2 and Azure Blob Storage even after adlsf is installed
- Could not load file or assembly Microsoft.Extensions.Logging.Abstractions
- Specifying user-assigned managed identity in Azure Function Terraform script
- Azure function python app - getting nested environments variables
- Deployed functions but they are not showing up in Azure Portal
- How to properly use Azure Function Build and Deploy in Azure DevOps with multiple projects
- HTTP 404 error with Swagger UI on Azure Functions app
- TimeTrigger Exception "Could not create BlobContainerClient for ScheduleMonitor."
- Deployed Azure Python via github-actions does not find any package
- How to delete /home/site/wwwroot/lib folder content before zip deployment?
- How to get the Exception (Message and StackStrace) of a Python Azure Function
- How to get client IP address in Azure Functions node.js?
- Run time error after upgrading .net6 to .net8
- Why is my python app working when doing a code deployment but when using a docker image
- The listener for durable function was unable to start because the target machine actively refused it
- Azure Portal function app not showing functions after deploy from VS Code
- Azure Function App - How to upgrade .NET runtime
- Additional Python Files in azure Function