Azure Keyvault and bastion integration

Question

Hello,I&nbsp; connect to&nbsp; my jump server via bastion, and uses KV to retrieve local administrator password of the jumpseever , then from my jumpserver&nbsp; launch RDP session onto my servers . However after setting up private endpoint , bastion is not able to retrieve the jumpserver password .i confirmed my servers can access KV over the private link and resolves to internal KV private link address .Does Azure bastion support&nbsp; private link? or perhaps managed identity issue and&nbsp; creating one&nbsp; bastion to allow allow access to KV would resolve the issue? if so not sure how to create&nbsp;Error message from bastion &gt;&gt;&gt;"unable to list key"&nbsp; and perhaps identity permissions to KV&nbsp; is the issue?&nbsp;&nbsp;&nbsp;Any ideas?thanks

ibnmbodji · Answer

Hello there is no private link resource for Azure Bastion
You can check the full list here : https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview.

However, as Igor suggest you can try to link (virtual network link) the key vault private DNS zone to your bastion virtual network.

igorormus · Answer

DarrenRD&nbsp;have you linked the bastion vnet with the KV private dns zone, this was the issue in my case and linking it resolved the problem&nbsp;

dinesh_kumar_palani · Answer

IgorOrmus&nbsp;Hi, I have the same issue even after linking Key vault DNS Zone to vnet where Azure Bastion is hosted. Do we have any other solution?

kidd_ip · Answer

DarrenRD&nbsp;Seems the Private DNS that you need to look into

t3ck4 · Answer

Same issue for me.

Forum Discussion

Azure Keyvault and bastion integration

5 Replies

Resources