trce: Sign.SignatureProviders.KeyVault.KeyVaultService[0]
Fetching certificate from Azure Key Vault.
fail: Azure.Identity[10]
False MSAL 4.83.1.0 MSAL.NetCore .NET 8.0.25 Microsoft Windows 10.0.26100 [2026-05-01 10:00:57Z - b64cfd1d-f3e8-449e-abc3-3a70f325b0fd] Error message: [Managed Identity] Authentication unavailable. Either the requested identity has not been assigned to this resource, or other errors could be present. Ensure the identity is correctly assigned and check the inner exception for more details. For more information, visit https://aka.ms/msal-managed-identity.
Status: BadRequest
Content:
{"error":"invalid_request","error_description":"Identity not found"}
Headers:
Server: IMDS/150.870.65.2020
x-ms-request-id: a0b616f1-ee7e-4d1f-8cce-db5d8df16fff
Date: Fri, 01 May 2026 10:00:56 GMT
[Managed Identity] Error Code: invalid_request Error Description: Identity not found Http status code: BadRequest
fail: Azure.Identity[10]
False MSAL 4.83.1.0 MSAL.NetCore .NET 8.0.25 Microsoft Windows 10.0.26100 [2026-05-01 10:00:57Z - b64cfd1d-f3e8-449e-abc3-3a70f325b0fd] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: managed_identity_request_failed
HTTP StatusCode 0
CorrelationId b64cfd1d-f3e8-449e-abc3-3a70f325b0fd
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
at Microsoft.Identity.Client.ManagedIdentity.ImdsManagedIdentitySource.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken)
at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken)
at Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityClient.SendTokenRequestForManagedIdentityAsync(RequestContext requestContext, AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
fail: Sign.Core.ISigner[0]
AKV10046: Unable to resolve the key used for signature validation. EncodedJwtHeader: '***'.
Status: 401 (Unauthorized)
ErrorCode: Unauthorized
Content:
{"error":{"code":"Unauthorized","message":"AKV10046: Unable to resolve the key used for signature validation. EncodedJwtHeader: '***'."}}
Headers:
Cache-Control: no-cache
Pragma: no-cache
x-ms-keyvault-region: westus2
x-ms-client-request-id: 57f59fc7-3012-4cd0-87df-c178a9ade81b
x-ms-request-id: f3aca4d3-96d6-4c79-90c6-dd6e33d6aa22
x-ms-keyvault-service-version: 1.9.3070.2
x-ms-keyvault-network-info: conn_type=Ipv4;addr=52.225.25.50;act_addr_fam=InterNetwork;
X-Content-Type-Options: REDACTED
Strict-Transport-Security: REDACTED
WWW-Authenticate: ***"https://login.microsoftonline.com/***", resource="https://vault.azure.net/"
Date: Fri, 01 May 2026 10:00:58 GMT
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 266
Azure.RequestFailedException: AKV10046: Unable to resolve the key used for signature validation. EncodedJwtHeader: '***'.
Status: 401 (Unauthorized)
ErrorCode: Unauthorized
Content:
{"error":{"code":"Unauthorized","message":"AKV10046: Unable to resolve the key used for signature validation. EncodedJwtHeader: '***'."}}
Headers:
Cache-Control: no-cache
Pragma: no-cache
x-ms-keyvault-region: westus2
x-ms-client-request-id: 57f59fc7-3012-4cd0-87df-c178a9ade81b
x-ms-request-id: f3aca4d3-96d6-4c79-90c6-dd6e33d6aa22
x-ms-keyvault-service-version: 1.9.3070.2
x-ms-keyvault-network-info: conn_type=Ipv4;addr=52.225.25.50;act_addr_fam=InterNetwork;
X-Content-Type-Options: REDACTED
Strict-Transport-Security: REDACTED
WWW-Authenticate: ***"https://login.microsoftonline.com/***", resource="https://vault.azure.net/"
Date: Fri, 01 May 2026 10:00:58 GMT
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 266
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
at Azure.Security.KeyVault.Certificates.CertificateClient.GetCertificateAsync(String certificateName, CancellationToken cancellationToken)
at Sign.SignatureProviders.KeyVault.KeyVaultService.GetCertificateAsync(CancellationToken cancellationToken) in /_/src/Sign.SignatureProviders.KeyVault/KeyVaultService.cs:line 66
at Sign.Core.Signer.SignAsync(IReadOnlyList`1 inputFiles, String outputFile, FileInfo fileList, Boolean recurseContainers, DirectoryInfo baseDirectory, String applicationName, String publisherName, String description, Uri descriptionUrl, Uri timestampUrl, Int32 maxConcurrency, HashAlgorithmName fileHashAlgorithm, HashAlgorithmName timestampHashAlgorithm) in /_/src/Sign.Core/Signer.cs:line 79
Error: Process completed with exit code 1.
Describe the bug
I updated a working workflow 0.9.1-beta.25379.1 from to 0.9.1-beta.26179.1. Signing that had previously worked failed.
Expected behavior
Signing to succeed
Actual behavior
Signing fails with
Additional context