Tags: x509certificate2, azure-keyvault, azure-resource-manager

ARM Template with Key Vault certificate


I am having a strange issue. I have 1 ARM template, which I use to deploy 2 environments.

I am adding a certificate like this:

{
    "type": "Microsoft.Web/certificates",
    "name": "[variables('certificateName')]",
    "apiVersion": "2016-03-01",
    "location": "[resourceGroup().location]",
    "properties": {
        "keyVaultId": "[parameters('almKeyVaultId')]",
        "keyVaultSecretName": "[parameters('servicePrincipalCertSecretName')]",
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
    },
    "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
    ]
}

For my test environment, this succeeds. When I deploy my QA environment, I get the error: "The parameter KeyVaultId & KeyVaultSecretName has an invalid value."

However, the parameter values for Test and QA are identical (almKeyVaultId & servicePrincipalCertSecretName).

Any ideas what I am doing wrong?

Update

After deleting the full QA resource group, I was able to redeploy the exact same ARM template. It seems that the resource group should be created after the Key Vault secret? Any ideas why? If we encountered this in production, we would not want to delete the full resource group.


Solution

  • I think I found the cause of this issue. Apparently, when a resource group has been created, you cannot change the secret name. If you do so, the error above will be thrown.

    If you want to change the secret name, you need to delete the resource group and redeploy everything.
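The check below is an added example, not code from the question or the answer. It reads the Microsoft.Web/certificates resources out of an ARM template, resolves the `[parameters('…')]` and `[variables('…')]` expressions used in the snippet, and compares the intended keyVaultId and keyVaultSecretName against the certificates already deployed in the target resource group, so that a changed secret name on an existing certificate (the situation the answer describes) is reported before the deployment is run rather than surfacing as the "invalid value" error. The template fragment, parameter values and deployed-state records are constructed for illustration, and all function names are assumptions of the example.

```python
import re

# Matches the two ARM expression forms used in the question's snippet:
# "[parameters('name')]" and "[variables('name')]".
_EXPR = re.compile(r"^\[(parameters|variables)\('([^']+)'\)\]$")


def resolve(value, param_values, variables):
    """Resolve a single parameters()/variables() expression; anything else
    (plain strings, other expressions such as resourceId()) passes through."""
    if not isinstance(value, str):
        return value
    m = _EXPR.match(value)
    if not m:
        return value
    kind, key = m.groups()
    return (param_values if kind == "parameters" else variables)[key]


def certificate_bindings(template, param_values):
    """Map certificate name -> (keyVaultId, keyVaultSecretName) for every
    Key Vault-backed Microsoft.Web/certificates resource in the template."""
    variables = template.get("variables", {})
    bindings = {}
    for res in template.get("resources", []):
        props = res.get("properties", {})
        if res.get("type") != "Microsoft.Web/certificates" or "keyVaultSecretName" not in props:
            continue
        name = resolve(res["name"], param_values, variables)
        bindings[name] = (
            resolve(props.get("keyVaultId"), param_values, variables),
            resolve(props["keyVaultSecretName"], param_values, variables),
        )
    return bindings


def _norm(value):
    # Azure resource IDs and Key Vault object names are not case-sensitive.
    return value.lower() if isinstance(value, str) else value


def find_rebind_conflicts(template, param_values, deployed_certs):
    """Compare the template's intended Key Vault bindings with the certificates
    already present in the target resource group. deployed_certs is a list of
    {"name": ..., "properties": {...}} records (constructed here; in practice
    taken from the Azure CLI/portal view of the resource group). Returns one
    (name, field, deployed_value, template_value) tuple per binding field that
    the deployment would change on an existing certificate."""
    wanted = certificate_bindings(template, param_values)
    existing = {c["name"]: c.get("properties", {}) for c in deployed_certs}
    conflicts = []
    for name, (kv_id, secret) in wanted.items():
        if name not in existing:
            continue  # certificate does not exist yet: a plain create, no conflict
        current = existing[name]
        for field, new_value in (("keyVaultId", kv_id), ("keyVaultSecretName", secret)):
            old_value = current.get(field)
            if _norm(old_value) != _norm(new_value):
                conflicts.append((name, field, old_value, new_value))
    return conflicts


# Constructed template fragment mirroring the question's resource (location and
# serverFarmId are omitted because they do not take part in the check).
TEMPLATE = {
    "variables": {"certificateName": "alm-sp-cert"},
    "resources": [
        {
            "type": "Microsoft.Web/certificates",
            "name": "[variables('certificateName')]",
            "apiVersion": "2016-03-01",
            "properties": {
                "keyVaultId": "[parameters('almKeyVaultId')]",
                "keyVaultSecretName": "[parameters('servicePrincipalCertSecretName')]",
            },
        }
    ],
}

# Constructed parameter values (identical for both environments, as in the question).
VAULT_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/alm-rg"
            "/providers/Microsoft.KeyVault/vaults/alm-kv")
TEST_PARAMS = {"almKeyVaultId": VAULT_ID, "servicePrincipalCertSecretName": "sp-cert-v2"}
QA_PARAMS = dict(TEST_PARAMS)

# Constructed deployed state: Test already carries the current secret name,
# QA was first deployed with an earlier secret name and never recreated.
TEST_DEPLOYED = [{"name": "alm-sp-cert",
                  "properties": {"keyVaultId": VAULT_ID, "keyVaultSecretName": "sp-cert-v2"}}]
QA_DEPLOYED = [{"name": "alm-sp-cert",
                "properties": {"keyVaultId": VAULT_ID, "keyVaultSecretName": "sp-cert-v1"}}]

if __name__ == "__main__":
    for env, params, deployed in (("test", TEST_PARAMS, TEST_DEPLOYED), ("qa", QA_PARAMS, QA_DEPLOYED)):
        conflicts = find_rebind_conflicts(TEMPLATE, params, deployed)
        if not conflicts:
            print(f"{env}: no Key Vault rebinding of existing certificates; safe to deploy in place")
        for name, field, old, new in conflicts:
            print(f"{env}: certificate '{name}' would change {field} from {old!r} to {new!r}; "
                  "recreate the certificate resource before deploying")
```

Run against real state by replacing the constructed `*_DEPLOYED` lists with the Microsoft.Web/certificates resources of the target resource group; any conflict it prints is the case where the answer's remedy (recreating the resource) applies, and catching it in a pipeline step is cheaper than diagnosing it from the deployment error.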