Can't enable encryption using Customer Managed Key

[Pavkum007]

I can't enable encryption using Customer Managed Key.

the following resources are created :

1. User Assigned managed identity
2. Azure KeyVault with a RSA key added

the identity is assigned Contributor on subscription and KeyVault Crypto Officer and KeyVault Crypto Encryption User Roles on the KeyVault.

Now I am trying to create App Configuration from azure portal. When I enable "Customer Managed Key" in the Encryption tab. Select the Identity, Keyvault and the key - I get the following error on the screen - The selected identity must have “get”, “wrapKey” and “unwrapKey” permissions on the managed key.

I am not sure what the issue is here. Can you please help

[Pavkum007]

Hi Team, can you please help here?

[juniwang]

Hi @Pavkum007, thanks for reaching out. We're aware of this issue and are currently working to reproduce and identify the root cause. We'll keep you updated.

[jiayi11]

Hi @Pavkum007, thanks for reporting this issue. This is a code defect in the portal, the fix of this issue will be deployed in the next round of release in the next few weeks. I'll let you know as soon as I have a more specific date.
In the meanwhile, as a workaround, could you try to create the store first without enabling encryption, and then enable it from "Encryption" blade of the store?