[Azure AI Search] Internal Server Error when creating CMK encrypted objects
Scenario
Customers follow the Microsoft doc to create CMK encrypted objects (data source, index etc.), but get the 500 Internal Server Error:
{'error':{'code':'','message':'Could not use key vault key to wrap/unwrap the encryption key. {\\'Message\\':\\'An error has occurred.\\'}'}
Possible Causes
- The key vault host is incorrect, e.g. incorrect key vault domain.
- Action: check the keyVaultUri in the Json payload.
- The key vault host is inaccessible to search. For example, the key vault has public network access disabled but does not have a shared private link (SPL) configured from search.
- Action: check the SPL configurations or create a SPL.
Note that if the key vault Uri is correct or accessible, the error message due to a wrong key vault key name or version in the JSON payload is slightly different. The error message has the complete key vault key path.
{
"error": {
"code": "",
"message": "Could not use key vault key https://keyvaultname.vault.azure.net:443/keys/wrongkeyname to wrap/unwrap the encryption key. The key vault key cannot be found."
}
}
Published on:
Learn moreRelated posts
Creating AI-Powered Power Apps Using Azure OpenAI (2026 Guide)
Introduction Artificial Intelligence is rapidly transforming the way businesses build applications. Traditional business apps required users t...
How to Integrate ChatGPT with Dynamics 365 Using Azure Functions (Complete 2026 Guide)
Introduction Artificial Intelligence is transforming enterprise applications, and Microsoft Dynamics 365 is no exception. Businesses are incre...
How to build long-running MCP tools on Azure Functions
Learn how to build long-running MCP tools on Azure Functions using Durable Functions. This post explains why synchronous tool calls break down...