5
votes

I am trying to create a KeyVault reference in the AppConfig section of an Azure web app. The KeyVault reference references a secret which exists in a KeyVault which is part of a different resource group and thus does not exist in the template.

According to the documentation of the reference() template function, you should be able to reference a resource which is not part of the template as long as you provide the complete resourceId and the apiVersion.

But when I use that to reference the secret I keep getting a validation error which says:

Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The resource 'Microsoft.KeyVault/vaults//secrets/' is not defined in the template.

I followed this guide for how to use KeyVault references in ARM templates.

The code below is a sample of a situation which does not work.

{
  "type": "Microsoft.Web/sites",
  "apiVersion": "2016-08-01",
  "name": "[variables('webAppName')]",
  "location": "[resourceGroup().location]",
  "properties": {
    "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('serverFarmName'))]",
    "siteConfig": {
      "alwaysOn": true,
      "appSettings": [
        {
          "name": "<secretName>",
          "value": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('secretResourceId')).secretUriWithVersion, ')')]"
        }
      ]
    }
  },
  "identity": {
    "type": "SystemAssigned"
  },
  "dependsOn": [
    "[resourceId('Microsoft.Web/serverfarms', variables('serverFarmName'))]"
  ]
}

The variable is defined like this:

"variables": {
  "secretResourceId": "[resourceId(subscription().subscriptionId, parameters('keyVaultResourceGroup'), 'Microsoft.KeyVault/vaults/secrets', parameters('keyVaultName'), 'secretName')]"
},

Is this something specific to references to KeyVault secrets?

As soon as I try the same but with a KeyVault and secret inside the template, it works perfectly fine.

1 Answer

6
votes

The documentation for the reference function mentions that the second parameter to the function, apiVersion, is required when the referring resource isn't provisioned within the same template.

So, instead of

reference(variables('secretResourceId')).secretUriWithVersion

something like this should work

reference(variables('secretResourceId'), '2018-02-14').secretUriWithVersion
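
A preflight check for the condition described in this answer, added here as an example and not part of the original answer or of any Azure tooling: it scans a parsed ARM template for single-argument reference() calls whose target is a resourceId() scoped to another subscription or resource group. The function names, the scoping heuristic, and the sample template (assembled from the question's snippets) are assumptions.

```python
import re

def calls(expr, name):
    """Yield the argument list of each name(...) call in an ARM expression."""
    for m in re.finditer(r"\b%s\(" % re.escape(name), expr, re.I):
        args, cur, depth, quoted = [], "", 1, False
        for ch in expr[m.end():]:
            if ch == "'":
                quoted = not quoted
            elif not quoted and ch == "(":
                depth += 1
            elif not quoted and ch == ")":
                depth -= 1
                if depth == 0:
                    break
            if ch == "," and depth == 1 and not quoted:
                args, cur = args + [cur.strip()], ""
            else:
                cur += ch
        yield args + [cur.strip()]

def strings(node):
    """Yield every string value in the parsed template."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)

def find_missing_api_version(template):
    """Return single-argument reference() targets that point outside the deployment."""
    variables, findings = template.get("variables", {}), []
    for text in strings(template.get("resources", [])):
        for args in calls(text, "reference"):
            if len(args) != 1:
                continue  # an apiVersion argument is already present
            var = re.fullmatch(r"variables\('([^']+)'\)", args[0])
            target = str(variables.get(var.group(1), "")) if var else args[0]
            # Heuristic (assumption): first resourceId() argument is not the quoted type, so a scope was given.
            if any(not (r[0].startswith("'") and "/" in r[0]) for r in calls(target, "resourceId")):
                findings.append(args[0])
    return findings

# Constructed sample assembled from the question's snippets.
SAMPLE = {
    "variables": {"secretResourceId": "[resourceId(subscription().subscriptionId, parameters('keyVaultResourceGroup'), 'Microsoft.KeyVault/vaults/secrets', parameters('keyVaultName'), 'secretName')]"},
    "resources": [{"type": "Microsoft.Web/sites", "properties": {
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('serverFarmName'))]",
        "siteConfig": {"appSettings": [{"name": "<secretName>", "value": "[concat('@Microsoft.KeyVault(SecretUri=', reference(variables('secretResourceId')).secretUriWithVersion, ')')]"}]}}}]}
print(find_missing_api_version(SAMPLE))
```

Run against a real template by passing the result of json.load() to find_missing_api_version(); an empty list means every cross-scope reference() already carries an apiVersion.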