diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml
index 2935c0690f..80ab905402 100644
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
@@ -141,6 +141,16 @@ runs:
           --force
         echo "::endgroup::"
 
+    - name: Add Azure Keyvault access role
+      if: inputs.cloudProvider == 'azure' && inputs.isDebugImage == 'true'
+      shell: bash
+      run: |
+        UAMI=$(yq eval ".provider.azure.userAssignedIdentity | upcase" constellation-conf.yaml)
+        PRINCIPAL_ID=$(az identity list | yq ".[] | select(.id | test(\"(?i)$UAMI\"; \"g\")) | .principalId")
+        az role assignment create --role "Key Vault Secrets User" \
+          --assignee "$PRINCIPAL_ID" \
+          --scope /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/e2e-test-creds/providers/Microsoft.KeyVault/vaults/opensearch-creds
+
     - name: Constellation init
       id: constellation-init
       shell: bash