3

I'm creating an Application Setting in an Azure App Service via the Azure cli. The value of the setting is a KeyVault reference which, if you're not familiar, has a special syntax:

@Microsoft.KeyVault(SecretUri=https://something.vault.azure.net/secrets/SomeKey/xxxxxxxxxx)

My powershell script creates the KeyVault secret and stores the secret id. I then construct the Application Setting value like:

$new_secret_id = "@Microsoft.KeyVault(SecretUri=$secret_id)"

I use Write-Host to verify $new_secret_id is exactly correct at this point.

Then I use the following command to create the Application Setting but the trailing paren is always missing and that causes the app setting to become a verbatim value instead of a KeyVault reference. If I hard-code a value instead of using the variable $secret_id it works, it does not strip the closing ).

az webapp config appsettings set `
    --resource-group $rg `
    --name $app_name `
    --settings A_SECRET=$new_secret_id

enter image description here

Update

I've been trying with various combinations of values for $secred_id. It only seems to happen when the value is a URL.

Crowcoder
  • 11,250
  • 3
  • 36
  • 45

1 Answers1

4

This is already a documented problem (feature):

https://github.com/Azure/azure-cli/issues/8506

We made this change to help prevent the shell from interpreting the special characters in the setting value

As noted in the github comments, you can embed double quotes.

--settings "A_SECRET=""@Microsoft.KeyVault(SecretUri=$secret_id)"""

Crowcoder
  • 11,250
  • 3
  • 36
  • 45