I was working on a Private Endpoint implementation for Key Vault. For that, I enabled Private Endpoint and allowed access from selected networks only, with no exceptions (no one can bypass the rule).
After doing that, I tried to add a secret to the Key Vault but was notified with the following error:
"When enabledForTemplateDeployment is true, networkAcls.bypass must include "AzureServices""
Why it happened
So, seeing the error, I verified and confirmed that enabledForTemplateDeployment is true.
But this specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault, thus this is not why the error popped up.
The other part of the error says that network access control is enabled.
networkAcls.bypass tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'.
But as I have selected No in exceptions, no Azure services can access Key Vault (they cannot bypass the firewall).
What to do
The Key Vault in which I was trying to add the secret has Private Endpoint enabled, and access is allowed from selected networks only.
Thus I need to be inside that network to access Key Vault, so I logged in to one of the VMs that is part of this Virtual Network, and that's it: I was able to add the secret.
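The combination named in the error message quoted above can be checked in an ARM template before it is deployed. The following is an added example, not code from the original post; the template, the vault names and the function name conflicting_vaults are constructed for illustration.

```python
import json

# Constructed sample ARM template (vault names are made up, not from the post).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-locked-down",
     "properties": {"enabledForTemplateDeployment": true,
                    "networkAcls": {"defaultAction": "Deny", "bypass": "None"}}},
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-bypass-ok",
     "properties": {"enabledForTemplateDeployment": true,
                    "networkAcls": {"defaultAction": "Deny", "bypass": "AzureServices"}}},
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-no-arm-access",
     "properties": {"enabledForTemplateDeployment": false,
                    "networkAcls": {"defaultAction": "Deny", "bypass": "None"}}},
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-no-acls",
     "properties": {"enabledForTemplateDeployment": true}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stnotavault",
     "properties": {}}
  ]
}
""")


def conflicting_vaults(template):
    """Return names of vaults matching the condition in the quoted error:
    enabledForTemplateDeployment is true while bypass is not AzureServices."""
    flagged = []
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != "microsoft.keyvault/vaults":
            continue
        props = res.get("properties") or {}
        # Only literal booleans are handled; template expressions such as
        # "[parameters('x')]" are not evaluated by this check.
        if props.get("enabledForTemplateDeployment") is not True:
            continue
        acls = props.get("networkAcls") or {}
        # When bypass is not specified, ARM defaults it to 'AzureServices'.
        bypass = str(acls.get("bypass") or "AzureServices").strip().lower()
        if bypass != "azureservices":
            flagged.append(res.get("name"))
    return flagged


if __name__ == "__main__":
    for name in conflicting_vaults(SAMPLE_TEMPLATE):
        print(f"{name}: enabledForTemplateDeployment=true, bypass is not AzureServices")
```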