Copy of Failed to get the data key required to decrypt the SOPS file: The provided grant has expired due to it being revoked

Posted in iac on January 23, 2025 by Adrian Wyssmann ‐ 2 min read

All of a sudden, decrypting Terraform secrets with SOPS and Azure Key Vault stopped working, and you get the following error when trying to decrypt:

sops --decrypt ./secrets/secrets.enc.json > ./secrets/secrets.json
Failed to get the data key required to decrypt the SOPS file.

Group 0: FAILED
  https://mykv.vault.azure.net/keys/sops-key/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: FAILED
    - | failed to decrypt sops data key with Azure Key Vault key
      | 'https://mykv.vault.azure.net/keys/sops-key/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx':
      | DefaultAzureCredential: failed to acquire a token.
      | Attempted credentials:
      |         EnvironmentCredential: missing environment variable
      | AZURE_TENANT_ID
      |         WorkloadIdentityCredential: no client ID specified. Check
      | pod configuration or set ClientID in the options
      |         ManagedIdentityCredential: managed identity timed out. See
      | https://aka.ms/azsdk/go/identity/troubleshoot#dac for more
      | information
      |         AzureCLICredential: ERROR: AADSTS50173: The provided grant
      | has expired due to it being revoked, a fresh auth token is
      | needed. The user might have changed or reset their password.
      | The grant was issued on '2024-06-21T14:08:41.7484466Z' and
      | the TokensValidFrom date (before which tokens are not valid)
      | for this user is '2024-11-04T11:11:10.0000000Z'. Trace ID:
      | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Correlation ID:
      | yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy Timestamp: 2025-01-22
      | 13:55:44Z
      | Interactive authentication is needed. Please run:
      | az login --scope https://vault.azure.net/.default
      |
      |         AzureDeveloperCLICredential: please run "azd auth login"
      | from a command prompt to authenticate before using this
      | credential

Recovery failed because no master key was able to decrypt the file. In
order for SOPS to recover the file, at least one key has to be successful,
but none were.

While I usually ran az auth login, it seems that now you need the Azure Developer CLI. Hence the solution for the above problem is:

  1. Install the Azure Developer CLI

  2. Log in using azd (not az)

    azd auth login
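The error dump above is long, and the actual cause is buried in one line: AADSTS50173 means the cached Azure CLI refresh token was issued before the account's TokensValidFrom date (a password reset or token revocation), and the message itself names the direct remedy, az login --scope https://vault.azure.net/.default. The script below is an added example (not from the original post or from SOPS) that does two things: a pre-flight check that the Azure CLI can still mint a Key Vault token before sops is run, so a revoked grant fails early with a short message instead of the dump, and a small classifier that turns a captured DefaultAzureCredential failure into a recommended action (az login with the Key Vault scope, or azd auth login if you authenticate with the Azure Developer CLI as in the steps above). The Key Vault scope, the file paths and the SAMPLE_ERR text are assumptions or constructed from the output shown in the post.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post. Assumes the Azure CLI (az)
# and sops are installed; the file paths mirror the post's example.
set -eu

KV_SCOPE="https://vault.azure.net/.default"

# Constructed excerpt of the DefaultAzureCredential failure shown in the
# post, used only for the --demo mode below.
SAMPLE_ERR='AzureCLICredential: ERROR: AADSTS50173: The provided grant
has expired due to it being revoked, a fresh auth token is needed.'

# Classify a DefaultAzureCredential failure dump (as printed by sops on
# stderr) and print the most direct remedy. Returns 1 if nothing matched.
classify_sops_azure_error() {
  err="$1"
  if printf '%s' "$err" | grep -q 'AADSTS50173'; then
    # Cached az refresh token predates the account's TokensValidFrom date
    # (password reset / revocation): a fresh interactive login is required.
    echo "revoked-grant: run 'az login --scope ${KV_SCOPE}' (or 'azd auth login' if you authenticate with the Azure Developer CLI)"
    return 0
  fi
  if printf '%s' "$err" | grep -q 'AZURE_TENANT_ID' &&
     printf '%s' "$err" | grep -q 'managed identity timed out'; then
    # Every non-interactive credential in the chain was skipped or timed out.
    echo "no-credential: log in with az/azd, or set AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET for EnvironmentCredential"
    return 0
  fi
  echo "unknown: inspect the per-credential lines under 'Attempted credentials'"
  return 1
}

# Pre-flight: can the Azure CLI mint a token for Key Vault right now?
# This is exactly what SOPS's AzureCLICredential step will attempt.
azure_kv_token_ok() {
  az account get-access-token --scope "$KV_SCOPE" --query accessToken -o tsv >/dev/null 2>&1
}

# Decrypt with sops, failing early and cleanly on credential problems.
# Output is written to a temp file and moved into place so a failed run
# never leaves a truncated or empty plaintext file behind.
sops_decrypt_checked() {
  enc="$1"; out="$2"
  if ! azure_kv_token_ok; then
    echo "Azure CLI cannot obtain a Key Vault token; run: az login --scope ${KV_SCOPE}" >&2
    return 1
  fi
  tmp="$(mktemp "${out}.XXXXXX")"
  errf="$(mktemp)"
  if sops --decrypt "$enc" >"$tmp" 2>"$errf"; then
    chmod 600 "$tmp"          # decrypted secrets should not be world-readable
    mv "$tmp" "$out"
    rm -f "$errf"
  else
    cat "$errf" >&2
    classify_sops_azure_error "$(cat "$errf")" >&2 || true
    rm -f "$tmp" "$errf"
    return 1
  fi
}

# Usage: ./sops-azure-check.sh --demo      (classify the constructed sample)
#        ./sops-azure-check.sh --decrypt   (pre-flight + real decrypt)
if [ "${1:-}" = "--demo" ]; then
  classify_sops_azure_error "$SAMPLE_ERR"
elif [ "${1:-}" = "--decrypt" ]; then
  sops_decrypt_checked ./secrets/secrets.enc.json ./secrets/secrets.json
fi
```

Run the pre-flight before every sops invocation in CI or a Makefile target; an expired or revoked CLI session then surfaces as a one-line instruction rather than the multi-credential dump, and the classifier gives the same hint when sops itself fails.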