我需要从keyvault那里找回秘密。到目前为止这是我的代码：

from azure.mgmt.keyvault import KeyVaultManagementClient
from azure.common.credentials import ServicePrincipalCredentials


subscription_id = 'x'
# See above for details on creating different types of AAD credentials
credentials = ServicePrincipalCredentials(
    client_id = 'x',
    secret = 'x',
    tenant = 'x'
)

kv_client = KeyVaultManagementClient(credentials, subscription_id)

for vault in kv_client.vaults.list():
    print(vault)

但我有个错误：

msrestazure.azure_exceptions.CloudError: Azure Error: AuthorizationFailed Message: The client 'x' with object id 'x' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resources/read' over scope '/subscriptions/x'.

现在，我可以使用C#code/POwershell访问具有相同凭据的同一个keyvault，因此授权绝对没有问题。不知道为什么它不能使用SDK。请帮忙。