1.0 Introduction
This article provides troubleshooting steps for common issues encountered while configuring and running Fortanix Key Insight in cloud environments.
2.0 Troubleshooting
PROBLEM | RESOLUTION |
|---|
When a Federated Authentication (Fed Auth) mapped to a cloud connection has expired, a RESCAN attempt fails with Failed to start a new scan. Failed connection credentials test. Check your credentials and try again. error. | Perform the following steps: Reauthorize the authentication from the Connection tab or the Authentication tab. After reauthorizing, perform the RESCAN.
For more information, refer to Getting Started With Cloud Connection. |
If you edit a cloud connection while Fed Auth has expired, the identity provider configuration is not auto-selected and provides an Unable to assume role with web identity. Ensure your credentials are valid or retry the operation. error. | Perform the following steps: When editing the connection, manually select the correct authentication in the Select identity provider configuration field. Reauthorize the authentication before saving changes.
|
Large dataset scans may occasionally fail to display all items, showing the error message: Failed to load items. | Click RETRY and allow the page to fully reload before proceeding. 
|
If a Fortanix Data Security Manager (DSM) connection is mapped to a Key Management Service (KMS) that remains in a Pending state, attempting to update the associated cloud connection will fail with the error: Unable to update cloud connection. dsm account id must be set. | Ensure the associated KMS connection is in a Connected state before updating the cloud connection. For more information on updating the cloud connection, refer to Getting Started With Cloud Connection. |
A GCP connection test fails with the following error: “Failed Google Cloud Platform connection test. Check your credentials and try again: Google Cloud SDK was instantiated, but listing organizations resulted in error: NonOkStatus { message: "HTTP GET on \"https://cloudresourcemanager.googleapis.com/v3/organizations:search\" produced an error response: {\n \"error\": {\n \"code\": 403,\n \"message\": \"Cloud Resource Manager API has not been used in project 758106583346 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=758106583346 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.\",\n \"status\": \"PERMISSION_DENIED\",\n \"details\": [\n {\n \"@type\": \"type.googleapis.com/google.rpc.ErrorInfo\",\n \"reason\": \"SERVICE_DISABLED\",\n \"domain\": \"googleapis.com\",\n \"metadata\": {\n \"serviceTitle\": \"Cloud Resource Manager API\",\n \"service\": \"cloudresourcemanager.googleapis.com\",\n \"containerInfo\": \"xxxxxxxxxxxxxx\",\n \"activationUrl\": \"https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=758106583346\",\n \"consumer\": \"projects/xxxxxxxxxxxx\"\n }\n },\n {\n \"@type\": \"type.googleapis.com/google.rpc.LocalizedMessage\",\n \"locale\": \"en-US\",\n \"message\": \"Cloud Resource Manager API has not been used in project 758106583346 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=xxxxxxxxxxxx then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.\"\n },\n {\n \"@type\": \"type.googleapis.com/google.rpc.Help\",\n \"links\": [\n {\n \"description\": \"Google developers console API activation\",\n \"url\": \"https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=758106583346\"\n }\n ]\n }\n ]\n }\n}\n", http_status: 403 }” .
This occurs when the required GCP APIs are not enabled in the target project. | Perform the following steps to enable the required APIs in the GCP project: On the Google Cloud Console, navigate to APIs & Services → Enable APIs and Services. Enable Cloud Resource Manager API and any other required APIs (Cloud KMS, Cloud Storage, and Cloud SQL Admin) based on the supported GCP services.
|
Fortanix Key Insight identifies encryption keys and data services across on-premises and hybrid multicloud environments, providing a unified dashboard for tracking key mappings and cryptographic security. It offers security and compliance teams data-driven insights to assess risks, align with best practices, and meet industry regulations. Iy also supports continuous risk mitigation and crypto-agility, adapting to evolving security needs, including preparation for the post-quantum era.