Azure Keyvault and bastion integration


Hello,

I connect to my jump server via Bastion, and use Key Vault to retrieve the local administrator password of the jump server, then from my jump server launch RDP sessions onto my servers. However, after setting up a private endpoint, Bastion is not able to retrieve the jump server password.

I confirmed my servers can access Key Vault over the private link and resolve to the internal Key Vault private link address.

Does Azure Bastion support private link? Or perhaps it is a managed identity issue, and creating one for Bastion to allow access to Key Vault would resolve the issue? If so, I am not sure how to create it.

Error message from Bastion: "unable to list key". Perhaps identity permissions to Key Vault are the issue?


Any ideas?

thanks

1 Reply
Hello, there is no private link resource for Azure Bastion.
You can check the full list here: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview.
Also, the Key Vault private link will not work because of this:
"You can use Azure Bastion with Azure Private DNS Zones as long as the zone name you select doesn't overlap with the naming of these internal endpoints. "
management.azure.com
blob.core.windows.net
core.windows.net
vaultcore.windows.net
vault.azure.com
azure.com

However, I think you can try to restrict the access by allowing the Azure Bastion subnet to access the Key Vault.
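Two things a practitioner would want to do after reading the reply above: check whether a Private DNS zone name clashes with the Bastion-internal endpoint names quoted from the docs (equal to, a parent of, or a child of one of them), and apply the suggested workaround of allowing the AzureBastionSubnet through the Key Vault firewall. The script below is an added example, not code from the thread or from Microsoft; the resource group, vault and VNet names are placeholders, `AZ=echo` gives a dry run, and whether AzureBastionSubnet accepts the Microsoft.KeyVault service endpoint that Key Vault VNet rules require is an assumption you should verify in your own subscription.

```shell
#!/bin/sh
# Added example (not from the original thread). Resource names are placeholders.
set -eu

# Bastion-internal endpoint names, as quoted from the Bastion docs in the reply.
BASTION_INTERNAL_NAMES="management.azure.com blob.core.windows.net core.windows.net vaultcore.windows.net vault.azure.com azure.com"

# zone_overlaps ZONE
# Returns 0 when ZONE is equal to, a parent of, or a child of any Bastion-internal
# name (the "overlap" condition under which Bastion and a Private DNS zone clash).
zone_overlaps() {
  zone=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names compare case-insensitively
  zone="${zone%.}"                             # tolerate a trailing dot
  for name in $BASTION_INTERNAL_NAMES; do
    case "$zone" in
      "$name"|*."$name") return 0 ;;           # same zone, or a child of an internal name
    esac
    case "$name" in
      *."$zone") return 0 ;;                   # zone is a parent of an internal name
    esac
  done
  return 1
}

# kv_allow_bastion_subnet RESOURCE_GROUP VAULT VNET
# Restricts the vault to the Bastion subnet, as the reply suggests.
# Set AZ=echo to print the commands instead of running them.
kv_allow_bastion_subnet() {
  rg="$1"; vault="$2"; vnet="$3"
  az_cli="${AZ:-az}"
  # Key Vault VNet rules require the Microsoft.KeyVault service endpoint on the subnet.
  # ASSUMPTION: AzureBastionSubnet accepts this endpoint; verify before relying on it.
  "$az_cli" network vnet subnet update --resource-group "$rg" --vnet-name "$vnet" \
      --name AzureBastionSubnet --service-endpoints Microsoft.KeyVault
  "$az_cli" keyvault network-rule add --resource-group "$rg" --name "$vault" \
      --vnet-name "$vnet" --subnet AzureBastionSubnet
  # Only after the allow rule exists, deny everything else so the jump server
  # (which reaches the vault over the private endpoint) keeps working.
  "$az_cli" keyvault update --resource-group "$rg" --name "$vault" --default-action Deny
}

# Usage (placeholders; dry run):
#   zone_overlaps "$MY_ZONE" && echo "zone overlaps a Bastion-internal name"
#   AZ=echo kv_allow_bastion_subnet rg-jump kv-jump vnet-hub
```

Run `zone_overlaps` against the zone you plan to link to the VNet before creating it; if it overlaps, Bastion's own name resolution is at risk regardless of what the vault firewall allows. The firewall commands are ordered so the allow rule exists before the default action is switched to Deny; reversing them locks out the subnet in between.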