
Kubernetes (AKS) - Azure Key Vault Secret Store: failed to get oauth token from certificate auth: failed to read the certificate file

Hey Community, I have problems using my certificate in Kubernetes (AKS) for my Azure Key Vault Secret Store.

It works wonderfully with local hosting. I made the configuration according to the instructions and also added the certificate file to the Kubernetes Store. But unfortunately I get the following error message with Kubernetes when starting the dapr sidecar:

time="2021-07-14T14:31:57.756966579Z" level=warning msg="failed to init state store secretstores.azure.keyvault/v1 named azurekeyvault: failed to get oauth token from certificate auth: failed to read the certificate file (0\x82\nP\x0...a\xd0: invalid argument" app_id=mywebapp instance=mywebapp-5557c78c9b-v86ss scope=dapr.runtime type=log ver=1.2.2
time="2021-07-14T14:31:57.757159681Z" level=fatal msg="process component azurekeyvault error: failed to get oauth token from certificate auth: failed to read the certificate file (0\x82\nP\x02\x\xde: invalid argument" app_id=mywebapp instance=mywebapp-5557c78c9b-v86ss scope=dapr.runtime type=log ver=1.2

I have done all the steps according to this documentation: https://docs.dapr.io/reference/components-reference/supported-secret-stores/azure-keyvault/

My Kubectl command: kubectl create secret generic k8s-secret-store --from-file=myapp-certificate=myapp-secrets-myapp-certificate-20210713.pfx

My azurekeyvault.yaml

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: azurekeyvault
  namespace: default
spec:
  type: secretstores.azure.keyvault
  version: v1
  metadata:
    - name: vaultName
      value: myapp-secrets
    - name: spnTenantId
      value: "460d88b8-d055-4149-9f03-XXX" #changed to XXX only on this post
    - name: spnClientId
      value: "dd964473-808e-4a82-a167-XXX" #changed to XXX only on this post
    - name: spnCertificateFile
      secretKeyRef:
        name: k8s-secret-store
        key: myapp-certificate
auth:
    secretStore: kubernetes
dapr/dapr

Answer questions GregorBiswanger

It was my fault. I used spnCertificateFile and that is for local. I changed it to spnCertificate and now it works.

source:https://uonfu.com/
answerer
Gregor Biswanger GregorBiswanger cross-platform-blog.com Germany http://about.me/gregor.biswanger Microsoft MVP, Intel Black Belt & Intel Software Innovator - is freelancer as consultant, author, speaker & trainer.
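
The fix from the answer, written as a pre-deployment check (an added example, not code from the original post or from the Dapr project): it scans a component manifest and flags `spnCertificateFile` when it is populated through `secretKeyRef`, the combination shown in the question. The function names and the line-based scan are assumptions of this example, and both sample manifests are constructed from the question's YAML.

```python
import re

# Constructed sample: the component from the question, trimmed to the relevant fields.
SAMPLE_BROKEN = """\
spec:
  type: secretstores.azure.keyvault
  version: v1
  metadata:
    - name: vaultName
      value: myapp-secrets
    - name: spnCertificateFile
      secretKeyRef:
        name: k8s-secret-store
        key: myapp-certificate
auth:
    secretStore: kubernetes
"""

# Constructed sample: the same component after the change described in the answer.
SAMPLE_FIXED = SAMPLE_BROKEN.replace("spnCertificateFile", "spnCertificate")

# Matches a metadata list item such as "    - name: vaultName".
NAME_RE = re.compile(r"^\s*-\s*name:\s*(\S+)\s*$")


def metadata_sources(manifest: str) -> dict:
    """Map each `- name:` metadata item to how it is populated: 'value' or 'secretKeyRef'."""
    sources, current = {}, None
    for line in manifest.splitlines():
        line = line.split(" #", 1)[0].rstrip()  # drop trailing comments
        match = NAME_RE.match(line)
        if match:
            current = match.group(1).strip("\"'")
        elif current and line.strip().startswith("secretKeyRef:"):
            sources[current] = "secretKeyRef"
        elif current and line.strip().startswith("value:"):
            sources[current] = "value"
        elif line and not line.startswith(" "):
            current = None  # back at a top-level key such as `auth:`
    return sources


def lint_component(manifest: str) -> list:
    """Flag spnCertificateFile (a file path setting) being fed from a Kubernetes secret."""
    findings = []
    if metadata_sources(manifest).get("spnCertificateFile") == "secretKeyRef":
        findings.append("spnCertificateFile is populated via secretKeyRef; "
                        "use spnCertificate for secret-backed certificates")
    return findings
```

`lint_component(SAMPLE_BROKEN)` returns one finding and `lint_component(SAMPLE_FIXED)` returns an empty list.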