ARM Template with Key Vault certificate

Question

I am having a strange issue. I have 1 ARM template, which I use to deploy 2 environments.

I am adding a certificate like this:

{
        "type": "Microsoft.Web/certificates",
        "name": "[variables('certificateName')]",
        "apiVersion": "2016-03-01",
        "location": "[resourceGroup().location]",
        "properties": {
            "keyVaultId": "[parameters('almKeyVaultId')]",
            "keyVaultSecretName": "[parameters('servicePrincipalCertSecretName')]",
            "serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
        },
        "dependsOn": [
            "[resourceId('Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
        ]
    },

For my test environment, this succeeds. When I deploy my QA environment, I got the error: The parameter KeyVaultId & KeyVaultSecretName has an invalid value.

However, the parameter values for Test and QA are identically (almKeyVaultId & servicePrincipalCertSecretName).

Any ideas what I am doing wrong?

Update

After deleting the full QA resource group, I was able to redeploy the exact same ARM template. It seems that the resource group should be created after the Key Vault secret? Any ideas why? If we would encounter this in production, we don't want to delete the full resource group

Identity Identity · Accepted Answer · 2017-02-23T10:21:04

I think I found the cause of this issue. Apparently, when a resource group has been created, you cannot change the secret name. If you do so, the error above will be thrown.

If you want to change the secret name, you need to delete the resource group and redeploy everything.

ARM Template with Key Vault certificate

2 Answers