I was having an issue debugging an Azure Function locally. The start routine loaded the Key Vault secrets into config to be used later:
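using Azure.Extensions.AspNetCore.Configuration.Secrets;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Client for the vault; DefaultAzureCredential resolves the local developer login.
var secretClient = new SecretClient(
    new Uri($"https://{keyVault.KeyVaultName}.vault.azure.net/"),
    new DefaultAzureCredential());

// Load the named secrets into configuration and reload them on an interval.
configBuilder.AddAzureKeyVault(secretClient, new AzureKeyVaultConfigurationOptions()
{
    Manager = new APIKeyVaultSecretManager(keyVault.KeyVaultSecretNames),
    ReloadInterval = TimeSpan.FromSeconds(keyVault.ReloadIntervalSeconds)
});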
The problem was I have multiple tenants on my credentials and received this exception:
AKV10032: Invalid issuer error for listing of key vault secrets from nondefault tenant subscription
The fix was to specify the actual tenant to use in an Azure configuration setting, AZURE_TENANT_ID:
Tenants can be listed using the command: az account list
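
The same tenant pinning can also be done in code so that startup fails early when the setting is missing. This is an added example, not code from the original post; the helper name TenantPinnedCredential is hypothetical, and it assumes the tenant is given as a GUID in AZURE_TENANT_ID:

```csharp
using System;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Hypothetical helper (not from the post): builds a credential bound to one tenant.
public static class TenantPinnedCredential
{
    // Reads AZURE_TENANT_ID and refuses to continue if it is missing or malformed,
    // instead of letting the credential fall back to the account's default tenant.
    public static TokenCredential Create()
    {
        string? tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");

        // Assumption: the tenant is identified by its GUID, not by a domain name.
        if (!Guid.TryParse(tenantId, out _))
        {
            throw new InvalidOperationException(
                "AZURE_TENANT_ID must be set to the GUID of the tenant that owns the Key Vault.");
        }

        // TenantId applies the tenant to the credentials in the DefaultAzureCredential
        // chain, so tokens are requested from the vault's tenant.
        return new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            TenantId = tenantId
        });
    }

    // Creates the Key Vault client with the tenant-pinned credential.
    public static SecretClient CreateSecretClient(string keyVaultName) =>
        new SecretClient(
            new Uri($"https://{keyVaultName}.vault.azure.net/"),
            Create());
}
```

The returned SecretClient can be passed to AddAzureKeyVault in place of the one built with the parameterless DefaultAzureCredential.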