Scenario

Customers follow the Microsoft doc to create CMK encrypted objects (data source, index etc.), but get the 500 Internal Server Error:

{‘error’:{‘code’:”,’message’:’Could not use key vault key to wrap/unwrap the encryption key. {\’Message\’:\’An error has occurred.\’}’}

Possible Causes

The key vault host is incorrect, e.g. incorrect key vault domain.

Action: check the keyVaultUri in the Json payload.

The key vault host is inaccessible to search. For example, the key vault has public network access disabled but does not have a shared private link (SPL) configured from search. 

Action: check the SPL configurations or create a SPL. 

Note that if the key vault Uri is correct or accessible, the error message due to a wrong key vault key name or version in the JSON payload is slightly different. The error message has the complete key vault key path.

{
“error”: {
“code”: “”,
“message”: “Could not use key vault key https://keyvaultname.vault.azure.net:443/keys/wrongkeyname to wrap/unwrap the encryption key. The key vault key cannot be found.”
}
}

​Microsoft Tech Community – Latest Blogs –Read More