Reputation: 85
I am trying to create a KeyVault reference in the AppConfig section of an Azure web app. The KeyVault reference references a secret which exists in a KeyVault which is part of a different resource group and thus does not exist in the template.
According to the documentation of the reference() template function, you should be able to reference a resource which is not part of the template as long as you provide the complete resourceId and the apiVersion.
But when I use that to reference the secret I keep getting a validation error which says:
Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The resource 'Microsoft.KeyVault/vaults//secrets/' is not defined in the template.
I followed this guide for how to use KeyVault references in ARM templates.
The code below is a sample of a situation which does not work.
    {
        "type": "Microsoft.Web/sites",
        "apiVersion": "2016-08-01",
        "name": "[variables('webAppName')]",
        "location": "[resourceGroup().location]",
        "properties": {
            "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('serverFarmName'))]",
            "siteConfig": {
                "alwaysOn": true,
                "appSettings": [
                    {
                        "name": "<secretName>",
                        "value": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('secretResourceId')).secretUriWithVersion, ')')]"
                    }
                ]
            }
        },
        "identity": {
            "type": "SystemAssigned"
        },
        "dependsOn": [
            "[resourceId('Microsoft.Web/serverfarms', variables('serverFarmName'))]"
        ]
    }
The variable is defined like this:
    "variables": {
        "secretResourceId": "[resourceId(subscription().subscriptionId, parameters('keyVaultResourceGroup'), 'Microsoft.KeyVault/vaults/secrets', parameters('keyVaultName'), 'secretName')]"
    },
Is this something specific to references to KeyVault secrets?
As soon as I try the same but with a KeyVault and secret inside the template, it works perfectly fine.
Upvotes: 6
Views: 4581
Reputation: 6647
The documentation for the reference function mentions that the second parameter to the function, apiVersion, is required when the referring resource isn't provisioned within the same template.
So, instead of

    reference(variables('secretResourceId')).secretUriWithVersion

something like this should work:

    reference(variables('secretResourceId'), '2018-02-14').secretUriWithVersion
Upvotes: 9
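An added example, not part of the original posts: a pre-deployment check in Python that flags reference() calls which point at a resource in another subscription or resource group but omit the apiVersion argument the answer describes. The function names and the scoping heuristic are assumptions of this example, and the sample template is constructed from the question's snippets.

```python
import json
import re

# Constructed sample: the question's variable and app setting, reduced to the relevant parts.
SAMPLE = json.loads("""{
  "variables": {"secretResourceId": "[resourceId(subscription().subscriptionId, parameters('keyVaultResourceGroup'), 'Microsoft.KeyVault/vaults/secrets', parameters('keyVaultName'), 'secretName')]"},
  "resources": [{"type": "Microsoft.Web/sites", "properties": {"siteConfig": {"appSettings": [
    {"name": "<secretName>", "value": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('secretResourceId')).secretUriWithVersion, ')')]"}]}}}]
}""")

def split_args(expr, open_paren):
    """Return the top-level arguments of the call whose '(' is at open_paren."""
    args, current, depth, quoted = [], [], 0, False
    for ch in expr[open_paren:]:
        if ch == "'":
            quoted = not quoted          # ARM string literals use single quotes
        elif not quoted and ch == "(":
            depth += 1
            if depth == 1:
                continue                 # skip the call's own opening parenthesis
        elif not quoted and ch == ")":
            depth -= 1
            if depth == 0:
                break                    # end of the call
        elif not quoted and ch == "," and depth == 1:
            args.append("".join(current).strip())
            current = []
            continue
        current.append(ch)
    return args + ["".join(current).strip()]

def missing_api_version(template):
    """List reference() targets outside the deployment scope that lack an apiVersion."""
    findings = []
    text = json.dumps(template.get("resources", []))  # search every expression at once
    for call in re.finditer(r"(?<![A-Za-z])reference\(", text):
        args = split_args(text, call.end() - 1)
        if len(args) != 1:
            continue  # a second argument (apiVersion) is already present
        var = re.fullmatch(r"variables\('([^']+)'\)", args[0])
        target = str(template.get("variables", {}).get(var.group(1), "")) if var else args[0]
        rid = re.search(r"(?<![A-Za-z])resourceId\(", target)
        # Heuristic (assumption): resourceId() arguments placed before the quoted type
        # string are a subscription or resource group, so the target is not in this template.
        if rid and not split_args(target, rid.end() - 1)[0].startswith("'"):
            findings.append(args[0])
    return findings
```

Calling `missing_api_version(SAMPLE)` reports `variables('secretResourceId')`; with the apiVersion added as in the answer, the list is empty.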