diff --git a/atst/domain/csp/cloud/azure_cloud_provider.py b/atst/domain/csp/cloud/azure_cloud_provider.py
index 79f352d5..6db3aba3 100644
--- a/atst/domain/csp/cloud/azure_cloud_provider.py
+++ b/atst/domain/csp/cloud/azure_cloud_provider.py
@@ -6,12 +6,8 @@ from uuid import uuid4
 from atst.utils import sha256_hex
 
 from .cloud_provider_interface import CloudProviderInterface
-from .exceptions import AuthenticationException, UserProvisioningException
+from .exceptions import AuthenticationException, UserProvisioningException, SecretException
 from .models import (
-    SubscriptionCreationCSPPayload,
-    SubscriptionCreationCSPResult,
-    SubscriptionVerificationCSPPayload,
-    SuscriptionVerificationCSPResult,
     AdminRoleDefinitionCSPPayload,
     AdminRoleDefinitionCSPResult,
     ApplicationCSPPayload,
@@ -27,12 +23,16 @@ from .models import (
     EnvironmentCSPPayload,
     EnvironmentCSPResult,
     KeyVaultCredentials,
+    PrincipalAdminRoleCSPPayload,
+    PrincipalAdminRoleCSPResult,
     ProductPurchaseCSPPayload,
     ProductPurchaseCSPResult,
     ProductPurchaseVerificationCSPPayload,
     ProductPurchaseVerificationCSPResult,
-    PrincipalAdminRoleCSPPayload,
-    PrincipalAdminRoleCSPResult,
+    SubscriptionCreationCSPPayload,
+    SubscriptionCreationCSPResult,
+    SubscriptionVerificationCSPPayload,
+    SuscriptionVerificationCSPResult,
     TaskOrderBillingCreationCSPPayload,
     TaskOrderBillingCreationCSPResult,
     TaskOrderBillingVerificationCSPPayload,
@@ -54,7 +54,6 @@ from .models import (
 )
 from .policy import AzurePolicyManager
 
-
 # This needs to be a fully pathed role definition identifier, not just a UUID
 # TODO: Extract these from sdk msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
 AZURE_SKU_ID = "0001"  # probably a static sku specific to ATAT/JEDI
@@ -117,11 +116,15 @@ class AzureCloudProvider(CloudProviderInterface):
         )
         try:
             return secret_client.set_secret(secret_key, secret_value)
-        except self.exceptions.HttpResponseError:
+        except self.sdk.exceptions.HttpResponseError as exc:
             app.logger.error(
                 f"Could not SET secret in Azure keyvault for key {secret_key}.",
                 exc_info=1,
             )
+            raise SecretException(
+                f"Could not SET secret in Azure keyvault for key {secret_key}.",
+                exc.message,
+            )
 
     def get_secret(self, secret_key):
         credential = self._get_client_secret_credential_obj()
@@ -130,11 +133,15 @@ class AzureCloudProvider(CloudProviderInterface):
         )
         try:
             return secret_client.get_secret(secret_key).value
-        except self.exceptions.HttpResponseError:
+        except self.sdk.exceptions.HttpResponseError:
             app.logger.error(
                 f"Could not GET secret in Azure keyvault for key {secret_key}.",
                 exc_info=1,
             )
+            raise SecretException(
+                f"Could not GET secret in Azure keyvault for key {secret_key}.",
+                exc.message,
+            )
 
     def create_environment(self, payload: EnvironmentCSPPayload):
         creds = self._source_creds(payload.tenant_id)
diff --git a/atst/domain/csp/cloud/exceptions.py b/atst/domain/csp/cloud/exceptions.py
index 49b05fb4..3480180f 100644
--- a/atst/domain/csp/cloud/exceptions.py
+++ b/atst/domain/csp/cloud/exceptions.py
@@ -118,3 +118,17 @@ class BaselineProvisionException(GeneralCSPException):
         return "Could not complete baseline provisioning for environment ({}): {}".format(
             self.env_identifier, self.reason
         )
+
+
+class SecretException(GeneralCSPException):
+    """A problem occurred with setting or getting secrets"""
+
+    def __init__(self, tenant_id, reason):
+        self.tenant_id = tenant_id
+        self.reason = reason
+
+    @property
+    def message(self):
+        return "Could not get or set secret for ({}): {}".format(
+            self.tenant_id, self.reason
+        )