I am trying to retrieve secrets from a Vault within my ARM template.
In my parameter file I have the following:
"resource_Env": {
  "value": "dev"
},
"activation_URI": {
  "reference": {
    "keyVault": {
      "id": "/subscriptions/xxx/resourceGroups/RG-DEV/providers/Microsoft.KeyVault/vaults/myVault"
    },
    "secretName": "[concat('activation-URI-', parameters('resource_Env'))]"
  }
}
When I run this I get an error:
Error Code: KeyVaultParameterReferenceSecretRetrieveFailed Message: The secret of KeyVault parameter 'activation_URI' cannot be retrieved. Http status code: 'BadRequest'. Error message: 'The request URI contains an invalid name: [concat('activation-URI-', parameters('resource_Env'))]'
It appears that the concat is not working. If I hard code the whole string as in
"secretName": "activation-URI-dev"
it works fine.
Am I unable to concat in the secretName property?
Here is my template file:
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "resource_Env": {
      "type": "string",
      "defaultValue": "dev"
    },
    "resource_Env_number": {
      "type": "string",
      "defaultValue": "1"
    },
    "resource_Platform": {
      "type": "string",
      "defaultValue": "int"
    },
    "resource_Group_Locn": {
      "type": "string",
      "defaultValue": "australiasoutheast"
    },
    "resource_Org": {
      "type": "string",
      "defaultValue": "eml"
    },
    "typeName_ResourceGroup": {
      "type": "string",
      "defaultValue": "rg"
    },
    "resourceGroupPrefix": {
      "type": "string",
      "defaultValue": "[concat(parameters('resource_Env'),parameters('resource_Env_Number'),'-',parameters('resource_Org'),'-',parameters('resource_Platform'))]"
    },
    "serviceBusNamespaceName": {
      "type": "string",
      "defaultValue": "[concat(parameters('resource_Env'),parameters('resource_Env_Number'),'-eml-int-svcbus')]",
      "metadata": {
        "description": "Name of the Service Bus namespace"
      }
    },
    "serviceBusTopicName": {
      "type": "string",
      "defaultValue": "transaction",
      "metadata": {
        "description": "Name of the Topic"
      }
    },
    "typeName_FuncApp": {
      "defaultValue": "func",
      "type": "string"
    },
    "ocp_apim_subscription_key": {
      "defaultValue": "",
      "type": "string",
      "metadata": {
        "description": "Subscription key for APIM"
      }
    },
    "svcbus_connection_string": {
      "defaultValue": "",
      "type": "string",
      "metadata": {
        "description": "Service bus connection string"
      }
    },
    "activation_URI": {
      "defaultValue": "",
      "type": "string",
      "metadata": {
        "description": "The URI to the activate endpoint"
      }
    },
    "webhookid": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "The id of the webhook registered with EML"
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for all resources."
      }
    }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2018-05-01",
      "name": "serviceBusDeployment",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "https://blob/transactiondeployment/azuredeploysvcbus.json",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "serviceBusNamespaceName": { "value": "[parameters('serviceBusNamespaceName')]" },
          "serviceBusTopicName": { "value": "[parameters('serviceBusTopicName')]" }
        }
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2018-05-01",
      "name": "cosmosDBDeployment",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "https://blob/transactiondeployment/azuredeploycosmosdb.json",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "resourceGroupPrefix": { "value": "[parameters('resourceGroupPrefix')]" }
        }
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2018-05-01",
      "name": "activateSubscriberDeployment",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "https://blob/transactiondeployment/azuredeployactivatesubscriber.json",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "resource_Env": { "value": "[parameters('resource_Env')]" },
          "resourceGroupPrefix": { "value": "[parameters('resourceGroupPrefix')]" },
          "typeName_FuncApp": { "value": "[parameters('typeName_FuncApp')]" },
          "serviceBusTopicName": { "value": "[parameters('serviceBusTopicName')]" },
          "ocp_apim_subscription_key": { "value": "[parameters('ocp_apim_subscription_key')]" },
          "svcbus_connection_string": { "value": "[parameters('svcbus_connection_string')]" },
          "activation_URI": { "value": "[parameters('activation_URI')]" }
        }
      }
    }
  ]
}
After my validation, I can also reproduce the same error.
To fix it, you could pass the parameter activation_URI as an inline value to your linked template. You could try adding the referenced value to the parameters to tell where the secret will be retrieved from. The template file will look like this:
{
  "type": "Microsoft.Resources/deployments",
  "apiVersion": "2018-05-01",
  "name": "activateSubscriberDeployment",
  "properties": {
    "mode": "Incremental",
    "templateLink": {
      "uri": "https://blob/transactiondeployment/azuredeployactivatesubscriber.json",
      "contentVersion": "1.0.0.0"
    },
    "parameters": {
      "resource_Env": { "value": "[parameters('resource_Env')]" },
      "resourceGroupPrefix": { "value": "[parameters('resourceGroupPrefix')]" },
      "typeName_FuncApp": { "value": "[parameters('typeName_FuncApp')]" },
      "serviceBusTopicName": { "value": "[parameters('serviceBusTopicName')]" },
      "ocp_apim_subscription_key": { "value": "[parameters('ocp_apim_subscription_key')]" },
      "svcbus_connection_string": { "value": "[parameters('svcbus_connection_string')]" },
      "activation_URI": {
        "reference": {
          "keyVault": {
            "id": "/subscriptions/xxx/resourceGroups/RG-DEV/providers/Microsoft.KeyVault/vaults/myVault"
          },
          "secretName": "[concat('activation-URI-', parameters('resource_Env'))]"
        }
      }
    }
  }
}
The parameters file will look like this:
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    ...
    "resource_Env": {
      "value": "dev"
    }
  }
}
For more information, you could refer to this template.
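
A pre-deployment check for the failure in the question, as an added example that is not part of the question or the answer: it scans a parameter file for Key Vault references whose `id` or `secretName` is written as a template expression, since the error above shows such a string reaches Key Vault unevaluated. The function names are hypothetical, the sample is the question's fragment wrapped into a constructed parameter file, and the name rule assumed is Key Vault's 1-127 alphanumerics and hyphens.

```python
import json
import re

# Assumed rule: Key Vault secret names are 1-127 characters, alphanumerics and hyphens.
SECRET_NAME_RE = re.compile(r"^[0-9A-Za-z-]{1,127}$")

# Constructed sample: the parameter-file fragment from the question, made complete.
SAMPLE_PARAMETER_FILE = """
{
  "parameters": {
    "resource_Env": { "value": "dev" },
    "activation_URI": {
      "reference": {
        "keyVault": { "id": "/subscriptions/xxx/resourceGroups/RG-DEV/providers/Microsoft.KeyVault/vaults/myVault" },
        "secretName": "[concat('activation-URI-', parameters('resource_Env'))]"
      }
    }
  }
}
"""


def is_expression(value):
    """True for strings written as ARM template expressions: [ ... ]."""
    return value.startswith("[") and value.endswith("]")


def lint_keyvault_references(parameter_file_text):
    """Return (parameter, field, problem) for each Key Vault reference that cannot resolve as written."""
    findings = []
    parameters = json.loads(parameter_file_text).get("parameters", {})
    for name, body in parameters.items():
        ref = body.get("reference") if isinstance(body, dict) else None
        if not isinstance(ref, dict):
            continue  # plain "value" parameter, nothing to check
        fields = {"keyVault.id": ref.get("keyVault", {}).get("id", ""),
                  "secretName": ref.get("secretName", "")}
        for field, value in fields.items():
            if is_expression(value):
                findings.append((name, field, "template expression is sent literally"))
            elif field == "secretName" and not SECRET_NAME_RE.match(value):
                findings.append((name, field, "not a valid Key Vault secret name"))
    return findings


if __name__ == "__main__":
    for finding in lint_keyvault_references(SAMPLE_PARAMETER_FILE):
        print(*finding, sep=": ")
```

Run against the question's parameter file, it flags `activation_URI`; with the hard-coded `activation-URI-dev` it reports nothing.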