I have a setup where I've disabled public access to my Azure Key Vault and allowed trusted Microsoft services to bypass the firewall. I'm wondering if it's possible to access the Key Vault via a web browser in this setup, considering I'm connected through an Azure VPN with a private endpoint. I've run into some issues, and I just want to clarify if I'm missing something. Here's my current setup:
- Azure Key Vault with public access disabled and Microsoft services allowed to bypass the firewall.
- Private endpoint connected to a subnet in an Azure virtual network that has no network security groups attached.
- There's a private DNS resolver linked to the VNet with an inbound endpoint.
- The Azure VPN client is using the inbound endpoint as the DNS server and all provisioning states show as "Succeeded".
Can someone please help me figure out what I might be doing wrong or confirm if it's actually impossible to access it this way?
2 Answers
Hey! First off, do you have a private link DNS zone set up for the Key Vault? It sounds like you might not have mentioned it. Also, is your P2S VPN configured to use the DNS Private Resolver inbound endpoint? If you're just testing from a PC with a P2S VPN, you could add a hosts file entry for the Key Vault's FQDN and map it to the private endpoint's IP to check if the connection works. That could help you troubleshoot your access issues!
Make sure your conditional forwarder setup is correct. Are you pointing specifically to the Key Vault's FQDN or the broader domain? You can still access the Key Vault via the Azure Portal, but for programmatic access from on-premises or via a resource in the VNet hitting the private endpoint, you'd need that setup. It might be worth reviewing how you'd like to access the vault.
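Both answers boil down to one question: when the VPN client asks the inbound endpoint for the vault's name, does it get the private endpoint's IP back, or the public one? The bash script below is an added troubleshooting example, not code from either answer or from Microsoft. It runs `dig` against the resolver you pass in, classifies the answer, and then probes TCP 443 to the resolved address so that a DNS problem can be told apart from a routing or NSG problem. The vault name `myvault` and the resolver IP `10.0.1.4` are placeholders; the zone name `privatelink.vaultcore.azure.net` is the documented private link zone for Key Vault in the Azure public cloud.

```bash
#!/usr/bin/env bash
# Added example (not from the original thread): classify how a Key Vault FQDN
# resolves through a DNS Private Resolver inbound endpoint, then probe the
# private endpoint on 443. Vault name and resolver IP below are placeholders.

# Print "private" for an RFC 1918 IPv4 address, "public" otherwise.
ip_class() {
  case "$1" in
    10.*|192.168.*)                         echo private ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)  echo private ;;
    *)                                      echo public ;;
  esac
}

# First A record value from `dig +noall +answer` output (fields: name ttl IN type value).
answer_ip() {
  printf '%s\n' "$1" | awk '$4 == "A" { print $5; exit }'
}

# CNAME that points into the privatelink zone, if the chain contains one.
# That CNAME is added to the public zone when a private endpoint exists for the vault.
privatelink_cname() {
  printf '%s\n' "$1" | awk '$4 == "CNAME" && $5 ~ /\.privatelink\.vaultcore\.azure\.net\.?$/ { print $5; exit }'
}

# Verdicts:
#   ok                  CNAME into privatelink zone and an RFC 1918 A record: private path in use
#   public              privatelink CNAME present but public A record: the private DNS zone is
#                       missing, not linked to the resolver's VNet, or the resolver was not used
#   no-private-endpoint no privatelink CNAME at all: no (approved) private endpoint for this vault
#   unresolved          no A record: resolver not reached, or forwarder misconfigured
classify_answer() {
  local answer="$1" ip cname
  ip=$(answer_ip "$answer")
  cname=$(privatelink_cname "$answer")
  if [ -z "$ip" ]; then
    echo unresolved
  elif [ "$(ip_class "$ip")" = private ]; then
    echo ok
  elif [ -n "$cname" ]; then
    echo public
  else
    echo no-private-endpoint
  fi
}

# Resolve <vault>.vaultcore.azure.net via <resolver> and act on the verdict.
run_check() {
  local vault="$1" resolver="$2" fqdn answer verdict ip
  fqdn="${vault}.vaultcore.azure.net"
  command -v dig >/dev/null || { echo "dig not found (install bind-utils / dnsutils)"; return 0; }
  answer=$(dig +noall +answer "@${resolver}" "$fqdn" 2>/dev/null || true)
  verdict=$(classify_answer "$answer")
  printf 'DNS via %s for %s: %s\n%s\n' "$resolver" "$fqdn" "$verdict" "$answer"
  case "$verdict" in
    ok)
      ip=$(answer_ip "$answer")
      # DNS is right; now check the VPN actually routes to the endpoint's subnet.
      if command -v nc >/dev/null && nc -z -w 3 "$ip" 443 2>/dev/null; then
        echo "TCP 443 to $ip reachable: private path works, now test with curl or the Azure CLI"
      else
        echo "TCP 443 to $ip NOT reachable: check P2S routes for the endpoint subnet and any NSGs"
      fi ;;
    public)
      echo "Hint: link privatelink.vaultcore.azure.net to the resolver's VNet (a DNS zone group on the private endpoint keeps the A record current)" ;;
    no-private-endpoint)
      echo "Hint: confirm the private endpoint targets this vault and its connection state is Approved" ;;
    unresolved)
      echo "Hint: confirm the VPN client really uses $resolver and that the inbound endpoint is reachable on port 53" ;;
  esac
}

# Usage: ./kv-dns-check.sh <vault-name> <inbound-endpoint-ip>
# Example: ./kv-dns-check.sh myvault 10.0.1.4   (placeholder values)
if [ $# -ge 2 ]; then
  run_check "$1" "$2"
fi
```

A `public` verdict while the Azure side says everything "Succeeded" is the common case: the private endpoint and the resolver can both be healthy while the private DNS zone is simply not linked to the VNet the inbound endpoint lives in. Checking that link from the Azure CLI (`az network private-dns link vnet list -g <rg> -z privatelink.vaultcore.azure.net -o table`) and comparing its VNet against the resolver's VNet usually settles it. If the hosts file trick from the first answer works but the resolver path does not, the problem is DNS, not the VPN.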