
Unable to create Azure Flexible MySQL database, key vault not found error


I'm trying to create an Azure Flexible MySQL database. I tried multiple times, providing the key vault and managed key information. It is still showing "Could not find Azure Key Vault Key with key name".

The relevant key vault is created, and they are in the same resource group.


Solution

  • If the User-assigned Managed Identity (UMI) doesn’t have access to the key vault keys, then you may get the above error while deploying the Azure Flexible MySQL database. To resolve the error if RBAC is enabled, add the Key Vault Crypto Service Encryption User role to the UMI as shown below:


    If Vault access policies are enabled, then the UMI must have the following access to the key vault:

    • Get: For retrieving the public part and properties of the key in the key vault.
    • List: List the versions of the key stored in a Key Vault.
    • Wrap Key: To be able to encrypt the DEK. The encrypted DEK is stored in the Azure Database for MySQL flexible server instance.
    • Unwrap Key: To be able to decrypt the DEK. Azure Database for MySQL flexible server needs the decrypted DEK to encrypt/decrypt the data.

    After successful assignment of the role, you will be able to deploy the Azure Flexible MySQL database without any error. For more information you can refer to the below documents:
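
A pre-deployment check for the two cases described in the answer above, as an added example that is not part of the original answer. It assumes the vault and role-assignment JSON have the shape printed by `az keyvault show` and `az role assignment list`; the function name `missing_access` and all IDs and sample records are constructed for illustration.

```python
# Permission names as listed in the answer, keyed by their lower-cased API spelling.
REQUIRED_KEY_PERMS = {"get": "Get", "list": "List",
                      "wrapkey": "Wrap Key", "unwrapkey": "Unwrap Key"}
RBAC_ROLE = "Key Vault Crypto Service Encryption User"


def missing_access(vault, role_assignments, umi_object_id):
    """Return what the UMI still lacks on the vault; an empty list means it is sufficient."""
    props = vault["properties"]
    vault_id = vault["id"].lower()
    if props.get("enableRbacAuthorization"):
        for ra in role_assignments:
            scope = ra["scope"].lower().rstrip("/")
            # A role assigned on the vault or on a parent scope is inherited by the vault.
            in_scope = vault_id == scope or vault_id.startswith(scope + "/")
            if (ra["principalId"] == umi_object_id
                    and ra["roleDefinitionName"] == RBAC_ROLE and in_scope):
                return []
        return ["role: " + RBAC_ROLE]
    # Vault access policy model: collect the key permissions granted to the UMI.
    granted = set()
    for policy in props.get("accessPolicies", []):
        if policy["objectId"] == umi_object_id:
            granted |= {p.lower() for p in policy["permissions"].get("keys", [])}
    if "all" in granted:
        return []
    return sorted("key permission: " + name
                  for perm, name in REQUIRED_KEY_PERMS.items() if perm not in granted)


# Constructed sample data (placeholder IDs, not taken from the page).
UMI = "11111111-1111-1111-1111-111111111111"
RG_ID = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
VAULT_ID = RG_ID + "/providers/Microsoft.KeyVault/vaults/kv-demo"
POLICY_VAULT = {"id": VAULT_ID, "properties": {
    "enableRbacAuthorization": False,
    "accessPolicies": [{"objectId": UMI, "permissions": {"keys": ["Get", "List"]}}]}}
RBAC_VAULT = {"id": VAULT_ID, "properties": {
    "enableRbacAuthorization": True, "accessPolicies": []}}
# Role granted at resource-group scope, which the vault inherits.
ASSIGNMENTS = [{"principalId": UMI, "roleDefinitionName": RBAC_ROLE, "scope": RG_ID}]

if __name__ == "__main__":
    print(missing_access(POLICY_VAULT, [], UMI))
    print(missing_access(RBAC_VAULT, [], UMI))
    print(missing_access(RBAC_VAULT, ASSIGNMENTS, UMI))
```

The check does not cover a role assigned on an individual key below the vault scope.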