While enabling encryption-at-rest on MongoDB Atlas, I constantly got Invalid Azure credentials error. I’ve cross checked credentials using curl on OAuth Microsoft Identity Platform API and with that token I can access key-vault key. It might be a bug in Atlas or Am I doing something wrong?
{"errorCode":"INVALID_AZURE_CREDENTIALS","message":"Invalid Azure credentials","params":[],"version":"1","status":"ERROR"}
Using CLI we can access the key, see below (our password aka secret contains special characters like %& etc):
# gives access token
curl -X POST https://login.microsoftonline.com/<REDACTED>/oauth2/v2.0/token -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=<REDACTED>&scope=https%3A%2F%2Fvault.azure.net%2F.default&client_secret=<REDACTED>&grant_type=client_credentials'
curl -X GET -H "Authorization: Bearer <REDACTED>" https://mongodb-atlas-vault.vault.azure.net/keys/mongodb-atlas-key/<REDACTED>\?api-version\=7.2
{"key":{"kid":"https://mongodb-atlas-vault.vault.azure.net/keys/mongodb-atlas-key/<REDACTED>","kty":"RSA","key_ops":["decrypt","encrypt","sign","verify","unwrapKey","wrapKey"],"n":"<REDACTED>","e":"AQAB"},"attributes":{"enabled":true,"created":1644600271,"updated":1644600271,"recoveryLevel":"Recoverable","recoverableDays":90},"tags":{}}%
It started to work magically today. I assume it was a temporary problem at mongodb atlas end.
This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.