Azure Keyvault Secrets in pipeline, secret provider not found

My test pipeline is failing instantly with the error “The secrets provider can not be found” when attempting to use the newly released Azure Keyvault Secret provider.

Following this documentation: Use Azure Key Vault secrets in GitLab CI/CD | GitLab

Using the SaaS Premium licenced GitLab and public runners (they advertise as 16.3-beta).

Pipeline code looks like:

stages:
  - prepare

job:
  stage: prepare
  image: mcr.microsoft.com/azure-cli:latest
  secrets:
    testpassword:
      azure_key_vault:
        name: 'test-secret'
        version: '<secret version>'
  script:
    - az login --service-principal -u $ARM_CLIENT_ID -t $ARM_TENANT_ID --federated-token $CI_JOB_JWT_V2
    - az account show
    - echo $testpassword

I’ve tried with and without the id_tokens keyword; my read from the GitLab feature issue is that this should be optional and fall back on the CI_JOB_JWT_V2 if not present.

The Azure federation works. If I remove the secrets keyword, the az login/account show work perfectly.

Hi, if you are on a paid tier, you will get a more qualified and faster reply if you reach out to GitLab support: https://support.gitlab.com

But from a first look, you are missing a variable name in there; the secrets block should be:

secrets:
  testpassword: # this is missing
    azure_key_vault:
      name: 'test-secret'
      version: '<secret version>'

Thanks balonik for the reply. Unfortunately I did actually have that line, it was just a bad copy-paste job into this forum. I will try support if no solution presents itself, and once I do get an answer I’ll update this thread to help others who search for this issue.

Looks like there’s a bug. The CI/CD variable VAULT_SERVER_URL is required to be set, even though AZURE_KEYVAULT_SERVER_URL is set and we’re not using hashi vault.
