问题
I'm trying to import certificate to Azure Key Vault through Azure Pipelines task Azure PowerShell
I've entered this inline script there:
$Password = ConvertTo-SecureString -String "$(cert.password)" -AsPlainText -Force
Import-AzureKeyVaultCertificate -VaultName %KVNAME% -Name %NAME% -FilePath $(cert.secureFilePath) -Password $Password
And I'm getting such error: "Key not valid for use in specified state"
Do you have any suggestions on the cause of error?
回答1:
Key not valid for use in specified state
According to the error information, it seems that your Azure connection string has no permission to do that action.
Please have a try to use the following way to give the permission to the Azure connection string.
Firstly, if we want to access the Azure Resource, we need to config IAM.
Secondly, if we want to import the certificate to Key Vault, access policy also need to added. After that, PowerShell command Import-AzureKeyVaultCertificate should work in the Azure Devops pipeline.
Note: The application Id should be the same with the service principle Id that used for azure connection string.
来源:https://stackoverflow.com/questions/54460672/importing-certificate-to-azure-key-vault-key-not-valid-for-use-in-specified-sta