[Azure AI Search] Internal Server Error when creating CMK encrypted objects
Scenario
Customers follow the Microsoft doc to create CMK encrypted objects (data source, index etc.), but get the 500 Internal Server Error:
{'error':{'code':'','message':'Could not use key vault key to wrap/unwrap the encryption key. {\\'Message\\':\\'An error has occurred.\\'}'}
Possible Causes
- The key vault host is incorrect, e.g. incorrect key vault domain.
- Action: check the keyVaultUri in the Json payload.
- The key vault host is inaccessible to search. For example, the key vault has public network access disabled but does not have a shared private link (SPL) configured from search.
- Action: check the SPL configurations or create a SPL.
Note that if the key vault Uri is correct or accessible, the error message due to a wrong key vault key name or version in the JSON payload is slightly different. The error message has the complete key vault key path.
{
"error": {
"code": "",
"message": "Could not use key vault key https://keyvaultname.vault.azure.net:443/keys/wrongkeyname to wrap/unwrap the encryption key. The key vault key cannot be found."
}
}
Published on:
Learn moreRelated posts
Azure SDK Release (September 2024)
The Azure SDKs release every month. This post includes the month's highlights and release notes. The post Azure SDK Release (September 2024) a...
Azure Boards, September Update
September was a productive month for Azure Boards, and we’re excited to share some of the new features coming your way. Area and Iteration Lev...
Build a chatbot on your own data in 1 hour with Azure SQL, Langchain and Chainlit
Chatbots are the hot topic lately, and now you can create them easily by downloading solutions like OpenWebUI, connect it to Ollama or any Ope...
Announcing the public preview of the new Azure FXv2-series Virtual Machines
Today, Microsoft is announcing the public preview of the new Azure FXv2-series Virtual Machines (VMs), based on the 5th Generation Intel® Xeon...
Specifying client ID and secret when creating an Azure ACS principal via AppRegNew.aspx will be removed
Starting from early October 2024, Azure ACS (Access Control Service) will remove the option to specify client ID and secret when creating prin...
Announcing Public Preview of Windows Server Hotpatch enabled by Azure Arc
We’re excited to announce the Public Preview of Hotpatch enabled by Azure Arc for Windows Sever 2025 Datacenter and Standard editions! ...
OneDrive support for RemoteApp in Azure Virtual Desktop
We are excited to announce that Microsoft OneDrive support is now available for RemoteApp in Azure Virtual Desktop! Previously, OneDrive could...
Announcing Cost and Performance Improvements with Azure Cosmos DB’s Binary Encoding
We are excited to announce a significant enhancement to Azure Cosmos DB, bringing substantial cost savings and performance improvements to our...