Day 40: Managing secrets with Azure Key Vault

In the Key Vault lab, encryption works but decryption always fails due to permission restrictions in the lab environment. This makes it impossible for learners to complete the decryption step as written.

Please check.

I tried the lab, using Srikanth’s solution. His Step 4 errors out, but is unneeded; if you follow his step, you’ll find that you can indeed decrypt the data. You’ll need to edit the value of his variables to match the lab, however.

Have you been able to complete lab 27?

Yes, completed the lab.

Hi @rob_kodekloud I completed the Key Vault lab successfully — key creation, encryption, and decryption all worked and the decrypted file matched the original. However, during validation the script reports “Key not found” even though the key clearly exists and was used. This appears to be a lab validation issue or environment reset during validation. Please review or grant completion.

Finally completed the lab. Thanks @rob_kodekloud

Title: Key Vault access policy fails due to service principal login

Issue:
This lab uses a service principal / managed identity login, not an Azure AD user. As a result:

  • az ad signed-in-user show and /me fail
  • az keyvault set-policy --upn fails with Insufficient privileges

Fix:
Set the Key Vault policy using the service principal (SPN):

# For a service principal login, user.name is the application (client) ID
SP_APP_ID=$(az account show --query user.name -o tsv)
az keyvault set-policy --name <kv-name> --spn "$SP_APP_ID" --key-permissions all

Note:
Validator expects an RSA (2048) key even though the lab mentions a symmetric key.
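
An added example, not part of the original post or the lab: it picks `--spn` or `--upn` from the login type reported by `az account show`, rejects a managed identity login (where `user.name` is a label, not an app ID), and grants a narrower permission set than `all`. The names `policy_args`, `grant_key_access` and `KEY_PERMS` are hypothetical, and the permission list is an assumed minimum for the lab's create/encrypt/decrypt steps.

```bash
#!/bin/sh
# Added example: choose the principal flag for `az keyvault set-policy`
# from the current login, and grant only the key permissions the lab uses.

# Assumed minimum for create/encrypt/decrypt; widen only if a step is denied.
KEY_PERMS="get list create encrypt decrypt"

# policy_args TYPE NAME -> prints "<flag> <value>" for set-policy.
# TYPE is `az account show --query user.type` ("user" or "servicePrincipal"),
# NAME is `az account show --query user.name`.
policy_args() {
  case "$2" in
    systemAssignedIdentity|userAssignedIdentity)
      # Managed identity logins report a label here, not an application ID.
      echo "managed identity login: use --object-id <principal-id>" >&2
      return 1 ;;
  esac
  case "$1" in
    servicePrincipal) printf '%s %s' --spn "$2" ;;
    user)             printf '%s %s' --upn "$2" ;;
    *) echo "unsupported login type: $1" >&2; return 1 ;;
  esac
}

# grant_key_access KV_NAME -> sets the access policy for the current login.
# Runs in a subshell so its variables do not leak into the caller.
grant_key_access() (
  kv="$1"
  type=$(az account show --query user.type -o tsv) || exit 1
  name=$(az account show --query user.name -o tsv) || exit 1
  args=$(policy_args "$type" "$name") || exit 1
  # Word splitting of $args and $KEY_PERMS is intentional.
  az keyvault set-policy --name "$kv" $args --key-permissions $KEY_PERMS
)
```

Call it as `grant_key_access <kv-name>` after `az login`; nothing runs against Azure until that function is invoked.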