Azure Function KeyVault reference not resolvable immediately after vault creation

0
votes

I have an ARM template creating a KeyVault, Azure Function app and assigning access policies granting access to the Function app. Once the ARM template has been deployed, I call az cli to add a setting in the Function with a reference to the KV secret. On doing so, the reference fails to resolve diagnostics reports:

Failed to resolve Key Vault references because Key Vault not found. Please use valid Key Vault to use Key Vault reference.

However the vault does exist and was successfully created in the ARM template. As time passes - 10 minutes or more - the reference is eventually resolved with no other change made.

This seems like it could possibly be a DNS resolution issue but I'd imagine it would be a widely discussed problem but I don't see any one else experiencing this.

How can I fix this so the reference resolves not long after KV creation?

1
azureazure-functionsazure-web-app-serviceazure-keyvault

1 Answers

0
votes

I managed to get to the bottom of this. In the ARM template I had another Function slot in which I was setting the KV referenced app setting as well. Different slot to the one I was doing via az cli, but the resolution of that one was happening before the KV existed. Removing this caused the az cli config step to begin resolving.

My guess is that some part of the the attempted resolution is cached for a period of time - DNS perhaps - and subsequent attempts also fail for 10 minutes or so.