I am accessing Key Vault with the .NET client using an AAD application. Although all permissions under Secrets are enabled for this AAD app (screenshot below), I get "The operation "List" is not enabled in this key vault's access policy" when I navigate to the Secrets panel.
I would like to be able to set the permissions via the AAD application, so using PowerShell is not an option.
If I set the permissions via PowerShell, it does work.
How I'm creating my access policies (model types from Microsoft.Azure.Management.KeyVault):
    using Microsoft.Azure.Management.KeyVault.Models;

    // Grant every permission on keys, secrets and certificates via the raw-JSON property
    var accessPolicy = new AccessPolicyEntry
    {
        ApplicationId = app,   // AAD application id
        ObjectId = Obid,       // object id of the service principal
        PermissionsRawJsonString = "{ \"keys\": [ \"all\" ], \"secrets\": [ \"all\" ], \"certificates\": [ \"all\" ] }",
        TenantId = ten,        // AAD tenant id
    };
    return accessPolicy;
Then the List error appears, and so I have to use
    Set-AzureRmKeyVaultAccessPolicy -VaultName vaultname -ResourceGroupName location -ObjectId obid -PermissionsToKeys all -PermissionsToSecrets all
That gets rid of the error, but I would much prefer a solution that lets me do this with the .NET SDK.
I had the same issue, and the solution was to go to my vault's Access Policies blade, then click on my application and activate List on Key permissions / Secret permissions.
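The .NET SDK route the question asks for, as an added example that is not code from the question or the answer above. It assumes the Microsoft.Azure.Management.KeyVault package in the version whose AccessPolicyEntry carries a typed Permissions object (Keys/Secrets/Certificates as string lists) rather than PermissionsRawJsonString, an already authenticated ServiceClientCredentials, and placeholder subscription, resource group, vault and object ids. It names each permission explicitly instead of the "all" literal, which in the question did not show up as List in the portal, and grants only what a secret reader needs (get and list on secrets) rather than everything on every object type.

```csharp
// Added example, not part of the original post. Assumed SDK: Microsoft.Azure.Management.KeyVault
// with the typed Permissions model; ids and names below are placeholders supplied by the caller.
using System;
using System.Collections.Generic;
using Microsoft.Azure.Management.KeyVault;
using Microsoft.Azure.Management.KeyVault.Models;
using Microsoft.Rest;

public static class VaultAccessPolicies
{
    // Builds an entry that lists each permission explicitly. Least privilege:
    // a consumer that only reads secrets needs "get" and "list" on secrets and
    // nothing on keys or certificates.
    public static AccessPolicyEntry BuildReadOnlySecretsPolicy(Guid tenantId, string objectId)
    {
        return new AccessPolicyEntry
        {
            TenantId = tenantId,
            ObjectId = objectId,
            Permissions = new Permissions
            {
                Keys = new List<string>(),
                Secrets = new List<string> { "get", "list" },
                Certificates = new List<string>()
            }
        };
    }

    // Adds (or replaces) the policy for objectId without dropping the other
    // policies already on the vault. Vaults.CreateOrUpdate sends the complete
    // access-policy list, so submitting only the new entry would silently
    // remove every other principal's access.
    public static Vault GrantReadOnlySecrets(ServiceClientCredentials credentials,
        string subscriptionId, string resourceGroup, string vaultName, string objectId)
    {
        var client = new KeyVaultManagementClient(credentials) { SubscriptionId = subscriptionId };
        var vault = client.Vaults.Get(resourceGroup, vaultName);

        var policies = new List<AccessPolicyEntry>(vault.Properties.AccessPolicies);
        policies.RemoveAll(p => string.Equals(p.ObjectId, objectId, StringComparison.OrdinalIgnoreCase));
        policies.Add(BuildReadOnlySecretsPolicy(vault.Properties.TenantId, objectId));
        vault.Properties.AccessPolicies = policies;

        // Re-submit the vault with its existing location and properties plus the merged policy list.
        return client.Vaults.CreateOrUpdate(resourceGroup, vaultName,
            new VaultCreateOrUpdateParameters(vault.Location, vault.Properties));
    }
}
```

After the call, confirm the result in the portal's Access Policies blade or with Get-AzureRmKeyVault: the entry for the object id should show exactly Get and List under Secret permissions. If a principal needs more than read access, add the individual operations (set, delete, and so on) to the Secrets list rather than falling back to a catch-all value, so the policy documents precisely what the application can do.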