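I am trying to create an index/synonym map with encryption using the "customer" managed key option, but I am not able to do so.
I keep getting the following error from the service: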
Failed to verify account key (HTTP Status Code: 403).
Here is the request body for my synonym map:
{
  "name": "test",
  "format": "solr",
  "synonyms": "",
  "encryptionKey": {
    "keyVaultKeyName": "AzSearchKey2",
    "keyVaultKeyVersion": "02cc721e41654f079c173744313f24b0",
    "keyVaultUri": "https://mykeyvault.vault.azure.net"
  }
}
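I have followed the instructions specified here exactly: https://docs.microsoft.com/en-gb/azure/search/search-security-manage-encryption-keys.
Here is what I have done so far:
I created a search service with the "Basic" SKU (as this feature is not available in the "Free" tier).
I went to the "Identity" section of the search service and assigned it a managed identity.
I believe I am doing everything mentioned in the documentation, so I am not sure what I am doing wrong.
The interesting thing is that I was able to do this without any problem yesterday with another search service and key vault.
My guess is that I am missing some minor detail. I would appreciate it if someone could point it out for me.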
UPDATE
Big thanks to the Cognitive Search team for working with me on this. The error message I am getting is because of an issue with the code (I was returning a standard message whenever the service returned a 403 status code).
The service is still returning the error. The actual error message returned by the service is:
Could not use key vault key https://mykeyvault.vault.azure.net:443/keys/AzSearchKey2/02cc721e41654f079c173744313f24b0
to wrap/unwrap the encryption key. The key vault key deletion-recovery level is insufficient.
Soft-Delete and Purge Protection must be enabled on Key vault, see: https://aka.ms/key-vault-soft-delete
After following up privately with Gaurav, we came to the conclusion that it was due to the key retention period being too short (7 days retention instead of 90 days). We just updated the product code to support shorter retention periods (down to 7 days), and the patch will be deployed globally in the upcoming weeks. In the meantime, if you hit the same issue, please update your key retention policy to 90 days. You can recognize this error state if you receive the following message from Azure Search when creating an encrypted index or synonym map:
DataPlaneApiException : Could not use key vault key (YOUR_KEY_URL) to wrap/unwrap the encryption key. The key vault key deletion-recovery level is insufficient. Soft-Delete and Purge Protection must be enabled on Key vault, see: https://aka.ms/key-vault-soft-delete.
Thank you
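The check described in the answer can be run before sending the request. The following is an added example, not code from the question, the answer or the Azure SDK: it inspects a key's attributes for soft-delete, purge protection and retention period, and confirms the key identifier matches the encryptionKey object. Assumptions: the function name cmk_preflight is hypothetical, KEY_BUNDLE is a constructed sample, and recoveryLevel and recoverableDays are the attribute names Key Vault returns for a key.

```python
from urllib.parse import urlparse

# encryptionKey object from the request body on this page.
ENCRYPTION_KEY = {
    "keyVaultKeyName": "AzSearchKey2",
    "keyVaultKeyVersion": "02cc721e41654f079c173744313f24b0",
    "keyVaultUri": "https://mykeyvault.vault.azure.net",
}
# Constructed sample, shaped like a Key Vault "get key" response for a vault
# with soft-delete, purge protection and a 7-day retention period.
KEY_BUNDLE = {
    "key": {"kid": "https://mykeyvault.vault.azure.net/keys/AzSearchKey2/"
                   "02cc721e41654f079c173744313f24b0"},
    "attributes": {"enabled": True, "recoveryLevel": "CustomizedRecoverable",
                   "recoverableDays": 7},
}

def cmk_preflight(encryption_key, key_bundle, min_days=90):
    """Return a list of problems; an empty list means the key passes."""
    problems = []
    attrs = key_bundle.get("attributes", {})
    parts = attrs.get("recoveryLevel", "").split("+")
    if not attrs.get("enabled", False):
        problems.append("key is disabled")
    if parts[0] not in ("Recoverable", "CustomizedRecoverable"):
        problems.append("soft-delete is not enabled")
    if "Purgeable" in parts:
        problems.append("purge protection is not enabled")
    days = attrs.get("recoverableDays", 0)
    if days < min_days:
        problems.append(f"retention is {days} days, below {min_days}")
    # A key identifier has the form https://<vault-host>/keys/<name>/<version>.
    kid = urlparse(key_bundle["key"]["kid"])
    segments = kid.path.strip("/").split("/")
    if kid.hostname != urlparse(encryption_key["keyVaultUri"]).hostname:
        problems.append("keyVaultUri does not match the key's vault")
    expected = ["keys", encryption_key["keyVaultKeyName"],
                encryption_key["keyVaultKeyVersion"]]
    if segments != expected:
        problems.append("key name or version does not match the key")
    return problems

if __name__ == "__main__":
    print(cmk_preflight(ENCRYPTION_KEY, KEY_BUNDLE))              # 90-day requirement
    print(cmk_preflight(ENCRYPTION_KEY, KEY_BUNDLE, min_days=7))  # after the patch
```

Pass min_days=7 to model the relaxed requirement the answer says is being rolled out.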