Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

App setting error when referencing keyvault secret on Function App using Linux Service Plan

See original GitHub issue

We are unable to set an Application Setting on the Configuration section of a Function App v4 .NET 6 isolated process. This happens on a Linux App Service Plan.

The setting references a KeyVault secret in the format @Microsoft.KeyVault(SecretUri=https://myvaul.vault.azure.net/secrets/MySecret-ConnectionString/)

This works correctly on a Function App using a Windows App Service Plan. Both have user managed identity to access the appropriate KeyVault instance.

On the windows plan the setting shows with a green checkmark. On the linux plan the setting is shown with a red error marker.

Running the diagnostics and troubleshooting section is not helpful. It does not reveal any kind of error on the keyvault reference thus misleading the user.

Issue Analytics

State:
Created 2 years ago
Comments:7 (3 by maintainers)

Top GitHub Comments

1reaction

twentytwokhzcommented, Dec 18, 2021

@balag0 I think I narrowed it down to this topic

In my case there might be differences between windows function apps deployed via ARM templates and this particular linux function app which was created via Visual Studio Code advanced wizard.

The difference lies in the keyVaultReferenceIdentity property that I inspected on the Export template

in the windows function app it was correctly referencing the user assigned managed identity
in the linux function app (even though I set the user assigned managed identity in the Portal UI) the template shows a value of SystemAssigned

0reactions

twentytwokhzcommented, Dec 18, 2021

I executed the commands in the documentation with some minor tweaks (syntax was not working in cloud shell) and then the Key vault reference started working 🥇 🥳

Closing this since now it’s working… but please note this was NOT obvious at all. There is still room for improvement on the function app creation experience

Top Results From Across the Web

Use Key Vault references - Azure App Service

Navigate to Application Settings and select "Edit" for the reference in question.

Key Vault reference in Azure App Service doesn't resolve

NET 6) application hosted within an Linux app service plan. I'm attempting to reference a Key Vault secret within the configuration settings ......

Troubleshooting Azure Key Vault References in ...

A handy guide for beginners to troubleshoot Azure Key Vault reference errors in Functions App.

App Service – Key Vault Vnet Service Endpoint access ...

Currently, Key Vault references won't work if your key vault is secured with service endpoints. To connect to a key vault by using...

Fix AccessToKeyVaultDenied error in Azure App service ...

After that go to App service > Configration and click Edit icon for the app setting which uses reference on KeyVault secret and...

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

No results found

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

App setting error when referencing keyvault secret on Function App using Linux Service Plan

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

[BlobTrigger] Identity based connection with serviceUri: fail to send message to poison queue

IANA timezone style doesn't work on Windows dotnet 6.