0

I am trying to deploy key vault resources through ARM templates. The key vault is successfully deployed, but while deploying secrets, I am getting the below error message.

What am I missing?

I checked all parameter values, all are defined in the parameters file and also in the template file parameter section.

enter image description here Template Parameter File(templateparameters.json):

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "apiVersion_Microsoft.KeyVault_vaults_0": {
      "value": "2023-02-01"
    },
    "apiVersion_Microsoft.KeyVault_vaults_secrets_3": {
      "value": "2023-02-01"
    },
    "deployState_Microsoft.KeyVault_vaults_0": {
      "value": "Yes"
    },
    "deployState_Microsoft.KeyVault_vaults_secrets_3": {
      "value": "Yes"
    },
    "location_Microsoft.KeyVault_vaults_0": {
      "value": "westus3"
    },
    "location_Microsoft.KeyVault_vaults_secrets_3": {
      "value": "westus3"
    },
    "name_Microsoft.KeyVault_vaults_0": {
      "value": "dev-amat-wus2-kv-rel3"
    },
    "name_Microsoft.KeyVault_vaults_secrets_3": {
      "value": "dev-amat-wus2-kv-rel3/APIMMasterKey"
    },
    "properties_Microsoft.KeyVault_vaults_0": {
      "value": {
        "sku": {
          "family": "A",
          "name": "Standard"
        },
        "tenantId": "245f49a8-f742-486d-b190-b9e69b7b1823",
        "accessPolicies": [
          {
            "tenantId": "245f49a8-f742-486d-b190-b9e69b7b1823",
            "objectId": "81262c2f-5965-4f1f-8f5f-ac490d8a03ba",
            "permissions": {
              "keys": [
                "Get",
                "List",
                "Update",
                "Create",
                "Import",
                "Delete",
                "Recover",
                "Backup",
                "Restore",
                "GetRotationPolicy",
                "SetRotationPolicy",
                "Rotate"
              ],
              "secrets": [
                "Get",
                "List",
                "Set",
                "Delete",
                "Recover",
                "Backup",
                "Restore"
              ],
              "certificates": [
                "Get",
                "List",
                "Update",
                "Create",
                "Import",
                "Delete",
                "Recover",
                "Backup",
                "Restore",
                "ManageContacts",
                "ManageIssuers",
                "GetIssuers",
                "ListIssuers",
                "SetIssuers",
                "DeleteIssuers"
              ]
            }
          },
          {
            "tenantId": "245f49a8-f742-486d-b190-b9e69b7b1823",
            "objectId": "449b0150-5ee1-4565-bb7f-4fca59461102",
            "permissions": {
              "certificates": [],
              "keys": [],
              "secrets": [
                "get"
              ]
            }
          },
          {
            "tenantId": "245f49a8-f742-486d-b190-b9e69b7b1823",
            "objectId": "cd0be3aa-108f-4aaa-ae1e-346bbca5e92a",
            "permissions": {
              "keys": [],
              "secrets": [
                "Get",
                "List"
              ],
              "certificates": []
            }
          }
        ],
        "enabledForDeployment": false,
        "enabledForDiskEncryption": false,
        "enabledForTemplateDeployment": true,
        "enableSoftDelete": true,
        "softDeleteRetentionInDays": 90,
        "enableRbacAuthorization": false,
        "vaultUri": "https://dev-amat-wus2-kv-rel3.vault.azure.net/",
        "provisioningState": "Succeeded",
        "publicNetworkAccess": "Enabled"
      }
    },
    
    "properties_Microsoft.KeyVault_vaults_secrets_3": {
      "value": {
        "attributes": {
          "enabled": true
        }
      }
    }
  }
}

Template File(template.json):

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
      "apiVersion_Microsoft.KeyVault_vaults_0": {
        "defaultValue": "2023-02-01",
        "type": "String"
      },
      "location_Microsoft.KeyVault_vaults_0": {
        "defaultValue": "westus3",
        "type": "String"
      },
      "name_Microsoft.KeyVault_vaults_0": {
        "defaultValue": "dev-amat-wus2-kv-rel3",
        "type": "String"
      },
      "properties_Microsoft.KeyVault_vaults_0": {
        "defaultValue": {
          "sku": {
            "family": "A",
            "name": "Standard"
          },
          "tenantId": "245f49a8-f742-486d-b190-b9e69b7b1823",
          "accessPolicies": [
            {
              "tenantId": "245f49a8-f742-486d-b190-b9e69b7b1823",
              "objectId": "81262c2f-5965-4f1f-8f5f-ac490d8a03ba",
              "permissions": {
                "keys": [
                  "Get",
                  "List",
                  "Update",
                  "Create",
                  "Import",
                  "Delete",
                  "Recover",
                  "Backup",
                  "Restore",
                  "GetRotationPolicy",
                  "SetRotationPolicy",
                  "Rotate"
                ],
                "secrets": [
                  "Get",
                  "List",
                  "Set",
                  "Delete",
                  "Recover",
                  "Backup",
                  "Restore"
                ],
                "certificates": [
                  "Get",
                  "List",
                  "Update",
                  "Create",
                  "Import",
                  "Delete",
                  "Recover",
                  "Backup",
                  "Restore",
                  "ManageContacts",
                  "ManageIssuers",
                  "GetIssuers",
                  "ListIssuers",
                  "SetIssuers",
                  "DeleteIssuers"
                ]
              }
            },
            {
              "tenantId": "245f49a8-f742-486d-b190-b9e69b7b1823",
              "objectId": "449b0150-5ee1-4565-bb7f-4fca59461102",
              "permissions": {
                "certificates": [],
                "keys": [],
                "secrets": [
                  "get"
                ]
              }
            },
            {
              "tenantId": "245f49a8-f742-486d-b190-b9e69b7b1823",
              "objectId": "cd0be3aa-108f-4aaa-ae1e-346bbca5e92a",
              "permissions": {
                "keys": [],
                "secrets": [
                  "Get",
                  "List"
                ],
                "certificates": []
              }
            }
          ],
          "enabledForDeployment": false,
          "enabledForDiskEncryption": false,
          "enabledForTemplateDeployment": true,
          "enableSoftDelete": true,
          "softDeleteRetentionInDays": 90,
          "enableRbacAuthorization": false,
          "vaultUri": "https://dev-amat-wus2-kv-rel3.vault.azure.net/",
          "provisioningState": "Succeeded",
          "publicNetworkAccess": "Enabled"
        },
        "type": "Object"
      },
      "deployState_Microsoft.KeyVault_vaults_0": {
        "defaultValue": "Yes",
        "allowedValues": [
          "Yes",
          "No"
        ],
        "type": "String"
      },
      
      "apiVersion_Microsoft.KeyVault_vaults_secrets_3": {
        "defaultValue": "2023-02-01",
        "type": "String"
      },
      "location_Microsoft.KeyVault_vaults_secrets_3": {
        "defaultValue": "westus3",
        "type": "String"
      },
      "name_Microsoft.KeyVault_vaults_secrets_3": {
        "defaultValue": "dev-amat-wus2-kv-rel3/APIMMasterKey",
        "type": "String"
      },
      "properties_Microsoft.KeyVault_vaults_secrets_3": {
        "defaultValue": {
          "attributes": {
            "enabled": true
          }
        },
        "type": "Object"
      },
      "deployState_Microsoft.KeyVault_vaults_secrets_3": {
        "defaultValue": "Yes",
        "allowedValues": [
          "Yes",
          "No"
        ],
        "type": "String"
      }
     },
    "variables": {},
    "resources": [
      {
        "type": "Microsoft.KeyVault/vaults",
        "apiVersion": "[parameters('apiVersion_Microsoft.KeyVault_vaults_0')]",
        "name": "[parameters('name_Microsoft.KeyVault_vaults_0')]",
        "location": "[parameters('location_Microsoft.KeyVault_vaults_0')]",
        "properties": "[parameters('properties_Microsoft.KeyVault_vaults_0')]",
        "Condition": "[equals(parameters('deployState_Microsoft.KeyVault_vaults_0'),'Yes')]"
      },
      
      {
        "type": "Microsoft.KeyVault/vaults/secrets",
        "apiVersion": "[parameters('apiVersion_Microsoft.KeyVault_vaults_secrets_3')]",
        "name": "[parameters('name_Microsoft.KeyVault_vaults_secrets_3')]",
        "location": "[parameters('location_Microsoft.KeyVault_vaults_secrets_3')]",
        "dependsOn": [
          "[resourceId('Microsoft.KeyVault/vaults', 'dev-amat-wus2-kv-rel3')]"
        ],
        "properties": "[parameters('properties_Microsoft.KeyVault_vaults_secrets_3')]",
        "Condition": "[equals(parameters('deployState_Microsoft.KeyVault_vaults_secrets_3'),'Yes')]"
      }
    ]
  }
old_timer
  • 69,149
  • 8
  • 89
  • 168
PavanKumar GVVS
  • 859
  • 14
  • 45

1 Answers1

0

I believe looking at the Error Details of the Secret Resource should confirm, but I think the value for the secret name is invalid (dev-amat-wus2-kv-rel3/APIMMasterKey).

A / is not a valid character in a secret name, which is likely causing the problem here.

PramodValavala
  • 6,026
  • 1
  • 11
  • 30