Access Denied using Azure App Configuration Task in DevOps Pipeline
I am trying to use the DevOps Azure App Configuration task and I keep getting the error message "Access Denied".
I have triple checked and the Service Principal has both;
- Admin level "Owner" permissions to the App Config resource
- Full Get/List permissions to KeyVault used by the App Config instance
There seems to be very little I can "get wrong" with this particular extension - the options are limited to:
- Select Service Connection
- Select App Config instance
.. and thats about it
Does anyone have any suggestions?
The role 'Owner' does not grant access to the configuration values.
Contributor or Owner: Use this role to manage the App Configuration resource. It grants access to the resource's access keys. While the App Configuration data can be accessed using access keys, this role doesn't grant direct access to the data using Microsoft Entra ID. This role is required if you access the App Configuration data via ARM template, Bicep, or Terraform during deployment.
The role you'll need is App Configuration Data Reader if you need to read values, or App Configuration Data Owner if you need read/write/delete access to App Configuration data.
- Get All Pipeline Parameters Through Azure DevOps REST API
- Unable to execute Terraform after converting Service Connection to Workload Identity
- Package is not found in the following primary source
- While scanning a simple key, could not find expected ':'. Syntax error in azure-pipeline.yaml
- ##[error]Project file(s) matching the specified pattern were not found
- Is there a way to get the equivalent of a git diff on a pull request in Azure DevOps?
- Query Azure DevOps for all items with no open children
- Azure DevOps YAML deployment pipeline cannot reference variable group in stage
- How can I create a Work Item linked to existing item using DevOps rest api?
- Pipeline is not triggered for the Pull Request on Azure DevOps Pipeline
- Separate pipeline for each branch
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- What directory should I use to manipulate files that will be consumed in other tasks, but not published as artifacts?
- How do I use expressions when defining variables in Azure DevOps yaml pipelines
- Is it possible to list only files deleted from TFS using tf dir?
- Azure Devops environment variable gets cross contaminated when run in parallel
- Azure pipeline template: dynamically retrieve and story keyvault secrets
- Trigger Multiple pipelines using another pipeline (same Project) - Azure DevOps
- Pull requests using the Azure DevOps plugin in JetBrains Rider
- Failed tests only showing the stacktrace, not the full logs
- nested pipelines error - unexpected value 'jobs'
- Azure DevOps REST API - Update pre-deployment artifacts
- Using Azure Devops Python API to create PR and add tags to it in the same call
- what is the correct way or version to add flutter extension to azure devops
- Two pipelines across different organizations on Azure DevOps
- Failed to add virtual machine resource. Linked environment pool is null
- Pipeline YAML template defines variables at the job level, but they are not being resolved into their values
- How to create a feature burndown chart in Azure DevOps?
- az rest for azure devops only returns 203 to login
- How to count direct and indirect test cases for Features, Requirements, and Change Requests in Power BI using DAX?