diff --git a/.gitignore b/.gitignore
index 3680661571d2..806004525e0c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -51,4 +51,5 @@ tf.zip
 # do not upload secrets
 .env
 tmp/
-
+*.orig
+/debug
diff --git a/internal/services/batch/batch_account_resource.go b/internal/services/batch/batch_account_resource.go
index 4a034f7010ca..fa84db3a8f2e 100644
--- a/internal/services/batch/batch_account_resource.go
+++ b/internal/services/batch/batch_account_resource.go
@@ -346,16 +346,17 @@ func resourceBatchAccountRead(d *pluginsdk.ResourceData, meta interface{}) error
 		}
 	}
 
-	if d.Get("pool_allocation_mode").(string) == string(batch.PoolAllocationModeBatchService) &&
-		isShardKeyAllowed(d.Get("allowed_authentication_modes").(*pluginsdk.Set).List()) {
-		keys, err := client.GetKeys(ctx, id.ResourceGroup, id.BatchAccountName)
-		if err != nil {
-			return fmt.Errorf("Cannot read keys for Batch account %q (resource group %q): %v", id.BatchAccountName, id.ResourceGroup, err)
-		}
-
-		d.Set("primary_access_key", keys.Primary)
-		d.Set("secondary_access_key", keys.Secondary)
-	}
+	// we don't have permissions to read the keys
+	// if d.Get("pool_allocation_mode").(string) == string(batch.PoolAllocationModeBatchService) &&
+	// 	isShardKeyAllowed(d.Get("allowed_authentication_modes").(*pluginsdk.Set).List()) {
+	// 	keys, err := client.GetKeys(ctx, id.ResourceGroup, id.BatchAccountName)
+	// 	if err != nil {
+	// 		return fmt.Errorf("Cannot read keys for Batch account %q (resource group %q): %v", id.BatchAccountName, id.ResourceGroup, err)
+	// 	}
+
+	// 	d.Set("primary_access_key", keys.Primary)
+	// 	d.Set("secondary_access_key", keys.Secondary)
+	// }
 
 	return tags.FlattenAndSet(d, resp.Tags)
 }