web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Error message 'This va...
Power Apps
Unanswered

Error message 'This variable didn't save properly. User is not authorized to read secrets from subscriptions ###'

(0) ShareShare
ReportReport
Posted on by Amjadwz1 4

Hello PowerApps Community,

I'm encountering an issue with an error message and I'm hoping someone can assist me. When attempting to set an environment variable as "Secret" with the data type as "Azure Key Vault" in my solution, I receive the following error message: "This variable didn't save properly. User is not authorized to read secrets from subscriptions ###".

I have verified that I have the necessary security permissions for the Key Vaults in my Azure subscription, and it appears that everything is in order. However, I still encounter this error message and I am unable to successfully save the variable.

Has anyone else experienced a similar issue or does anyone have any ideas on how to resolve this problem? Any hints or advice would be greatly appreciated.

Screenshot 2023-06-20 115057.png

Categories:
Building Power Apps
I have the same question (0)
  • Linn Zaw Win Profile Picture
    Linn Zaw Win 2,996 on at

    Point no.5 in the Prerequisites of Configure Azure Key Vault is mentioned below. Can you double check the service account has the Key Vault Secrets User role?

    Azure Key Vault must have the Key Vault Secrets User role granted to the Dataverse service principal.

    Please also go through the other items in the prerequisites and make sure that it aligns with your current setup.

     

     

  • billkan Profile Picture
    billkan 10 on at

    met all the pre-requisite and still the same error creating variable using azure key vault. what do you need from me to fix this?

  • westerdaled Profile Picture
    westerdaled 670 on at

    I also have the same issue.

     

    This variable didn't save properly. User is not authorized to read secrets from '/subscriptions/<subscription>/resourceGroups/rg-dev-powerplatform/providers/Microsoft.KeyVault/vaults/PPDev-KeyVault/secrets/secKey' resource.

     

    Firstly,  I couldn't assign the Key Vault Secrets User role to Dataverse service principal, unless I toggled the permission model to Vault Access policy

     

    westerdaled_0-1697012729019.png

    Afterwhich,I toggled this back to Azure role based access as this seems to be the recommended way foward.

     

    Next, I have added some candidate service principals to the Key Vault Secrets User role. Note, the Dataverse service principal below has the correct App Id as per the documentation.

     

     

    westerdaled_1-1697012832496.png

     

    I am the owner of the key vault, the Power Platfrom solution ( and admin) and tenant admin and yet I am still getting the above error.  

     

    Has anyone seen this issue ?

     

     

     

     

     

     

     

     

  • westerdaled Profile Picture
    westerdaled 670 on at

    Actually, the answer is obvious in my case 🙄.  Even though I own the key vault, I still have to manually create the key in the Azure portal. It won't be done automatically when I create the secret environment variable.  This time no errror and the key is safe and sound in the vault!

  • billkan Profile Picture
    billkan 10 on at

    figure out my own problem here. in the instruction I needed to add service principal called Dataverse. I just wish they could have made emphasis on that like put a quote, bold type around that to make a noun. 

     

    billkan_0-1697222921755.png

     

  • Motor-Ola Profile Picture
    Motor-Ola 14 on at

    Seems like you guys got this to work, but I am struggling abit... First, I do not understand the point with the dataverse service principal - as I'm creating the Environment Variable as me/myself/i. Anyway, I did go ahead and created a Dataverse Service Principal (ie app registration), with api rights to dynamics, and added this as an application user in the dataverse environment just in case this was some kind of magic going on. Still get the error while trying to create the environment variable.

     

    logging into azure and checking my access rights (same user as the one I tried to create the environemt variable with) it looks OK...?

    MotorOla_0-1708353357661.png

    Anyone?

  • Motor-Ola Profile Picture
    Motor-Ola 14 on at

    Think I found a workaround on this:

    1. Set access configuration on the vault to Vault Access Policy (even though the other one is the recommended one)

    2. THEN save and go to "Access policies"

    3. Now you can find the hidden "Dataverse" app registrion by clicking "Create", choose template secrete management, under the tab "Principal" look up "Dataverse" and confirm it has a GUID starting on "00000007-"

    4. Save. And do the same with the user creating the environment variable.

  • gbuckholtz Profile Picture
    gbuckholtz on at

    I have a follow-up question regarding the Dataverse service principal.  Is this simply an app registration that is named 'Dataverse' and has an API permission to Dynamics CRM?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
11manish Profile Picture

11manish 530

#2
WarrenBelz Profile Picture

WarrenBelz 459 Most Valuable Professional

#3
Haque Profile Picture

Haque 314

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans