sops: Cannot get Azure Keyvault example to work
Hi!
I am trying to follow the Azure Keyvault example (https://github.com/mozilla/sops#encrypting-using-azure-key-vault) but cannot get it to work. I have redone the example several times but always end up with this error:
[AZKV] ERRO[0030] Encryption failed error="azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://sops-XXXXXX.vault.azure.net/keys/sops-key/XXXXXXX/encrypt?api-version=2016-10-01: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Get http://XXX.XXX.XXX.XXX/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net: dial tcp XXX.XXX.XXX.XXX:80: i/o timeout'" key=sops-key version=a114809b9efe4b7286aa67317a5e5ccd
Could not generate data key: [failed to encrypt new data key with master key "https://sops-XXXXXX.vault.azure.net/keys/sops-key/XXXXXXX": Failed to encrypt data: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://sops-XXXXXX.vault.azure.net/keys/sops-key/XXXXXXX/encrypt?api-version=2016-10-01: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Get http://XXX.XXX.XXX.XXX/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net: dial tcp XXX.XXX.XXX.XXX:80: i/o timeout']
I am following the instructions step by step. I even tried creating a new resource group and a new service principal, but that didn’t work either. I also set the environment variables specified in the instructions to the values provided by the service principal. Any ideas what I’m doing wrong?
About this issue
- State: closed
- Created 6 years ago
- Comments: 23 (10 by maintainers)
I found the issue: I was setting the required env variables as bash variables like below, which does not set the env variables.
The correct way is
So it is better to show the setup of env variables explicitly in the documentation.
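A preflight check for the mistake described in the comment above, as an added example that is not from the thread or the sops project: it classifies each credential variable as exported, set only in the current shell, or unset, without printing any values. The variable names `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET` are the ones the sops README lists for service principal authentication; the function names and the demonstration values are constructed for this example.

```shell
#!/bin/sh
# Added example: check that the service principal variables are real
# environment variables (inherited by child processes such as sops),
# not plain shell variables.
AZ_VARS="AZURE_TENANT_ID AZURE_CLIENT_ID AZURE_CLIENT_SECRET"

# var_state NAME -> prints "exported", "shell-only" or "unset".
# `env` is a child process, so it only sees exported variables.
var_state() {
    if env | grep -q "^$1="; then
        echo exported
    elif eval "[ -n \"\${$1+set}\" ]"; then
        echo shell-only
    else
        echo unset
    fi
}

# check_azure_env -> returns 0 only when every variable is exported.
# Prints names and states only, never the secret values.
check_azure_env() {
    rc=0
    for name in $AZ_VARS; do
        state=$(var_state "$name")
        printf '%-20s %s\n' "$name" "$state"
        [ "$state" = exported ] || rc=1
    done
    return $rc
}

# Demonstration with constructed values, run in a subshell so the
# caller's environment is left untouched.
(
    unset AZURE_TENANT_ID AZURE_CLIENT_ID AZURE_CLIENT_SECRET
    AZURE_CLIENT_ID=constructed-client-id          # plain assignment
    export AZURE_TENANT_ID=constructed-tenant-id   # exported
    check_azure_env || echo "export the variables before running sops"
)
```

A `shell-only` or `unset` result matches the failure mode in this thread: sops does not receive the service principal values, and the error shows it requesting a token from the `/metadata/identity/oauth2/token` endpoint instead.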