Encryption at Rest Using Key Management

While enabling encryption-at-rest on MongoDB Atlas, I consistently get an “Invalid Azure credentials” error. I’ve connected to Azure and can successfully access the key-vault key in PowerShell with the same credentials that are being used. We set up another cluster in the same org a few months ago. When we set up the encryption, it also got that same error, but the next day it just worked for the first instance. The current issue has been going on for a couple of days and still doesn’t work. Has anyone else seen this issue or know what may be causing the error?

Hello @Caycee_Cress ,

Welcome to The MongoDB Community Forums! :wave:

I would advise you to bring this up with the Atlas chat support team . They may be able to check if anything on the Atlas side could have possibly caused this issue. In saying so, if a chat support is raised, please provide them with the following:

  1. Cluster link / name which experienced the issue
  2. Time & date including timezone for when it occurred
  3. Exact error message output
  4. Any additional details that you think will help them point to the issue


We have tried reaching out through chat support hoping to at least just get the detail of the exact error since it’s known the credentials are good. However, the only advice given was to either pay for Developer support or to try the forum. Seems silly to pay $800 to simply get an error message that is being masked incorrectly.

Hello Caycee,

It seems others have gotten this error when the Azure Key Vault Reader role was not assigned to the service principal. There is a list of prerequisite steps in the the Azure Key Vault documentation for Manage Customer Keys that you can review to see if there was perhaps a missed step.

I hope this helps,


1 Like

Thank you, however, the service principal does have the role. As mentioned above we can use the az PowerShell module to authenticate using the same client and secret. Once authenticated we are also able to successfully retrieve the secret.