# Microsoft.Azure.KeyVault.Models.KeyVaultErrorException：操作返回无效状态代码'Forbidden'

- **ID:** `cloud/azure-key-vault-secret-expiration`
- **领域:** cloud
- **类别:** auth_error
- **错误码:** `HTTP 403`
- **验证级别:** ai_generated
- **修复率:** 84%

## 根因

Azure Key Vault密钥已过期或已禁用，即使权限有效也会导致访问被拒绝。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Azure Key Vault REST API 7.0 | active | — | — |
| .NET SDK 3.0.5 | active | — | — |

## 解决方案

1. ```
   Update the secret's expiration date using Azure CLI: `az keyvault secret set-attributes --vault-name MyVault --name MySecret --expires 2026-12-31T23:59:59Z`
   ```
2. ```
   Enable soft-delete and purge protection, then restore a previous version of the secret if available: `az keyvault secret restore --vault-name MyVault --file backup.json`
   ```
3. ```
   Create a new secret with a new name and update the application configuration to reference it
   ```

## 无效尝试

- **** — Access policies are not the issue; the secret itself is expired, so re-adding policies does not restore access. (80% 失败率)
- **** — Restarting does not renew the expired secret; it only clears the cache, and the same expired secret is fetched again. (90% 失败率)
- **** — Changing the value does not reset the expiration date; the secret remains expired unless the expiration date is explicitly updated. (70% 失败率)