Bicep - Cannot access Function Key on B1 plan

Michał Jełowicki 0 Reputation points
2023-12-13T11:36:32.2766667+00:00

Hello,

I am trying to deploy bicep template which includes two resources - Key Vault and Function App. I would also like to add Function App default key as a KV secret. In order to do so I am using following syntax.

resource functionAppHost 'Microsoft.Web/sites/host@2022-09-01' existing = {
  name: 'default'
  parent: functionApp
}

resource secretFunctionAppSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
  parent: keyVault
  name: 'secret-pbimon-func-app-secret'
  properties: {
    value: functionAppHost.listKeys().functionKeys.default
  }
}

This syntax functions correctly with every App Service Plan except B1, where it results in an error:

User's image

I don't know what is the reason - I tried serverless and other Premium Plans which didn't cause any issues. I can also add other secrets to KV (for example I use almost the same syntax for adding Storage Key). Below is my ASP resource (if I change plan to any other everything works fine)

resource appServicePlan 'Microsoft.Web/serverfarms@2022-09-01' = {
  name: app_service_plan_name
  location: region_uppercase
  sku: {
    name: 'B1'
    tier: 'Basic'
    size: 'B1'
    family: 'B'
    capacity: 1
  }
  kind: 'linux'
  properties: {
    reserved: true
  }
}
Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,156 questions
Microsoft Deployment Toolkit
Microsoft Deployment Toolkit
A collection of Microsoft tools and documentation for automating desktop and server deployment. Previously known as Microsoft Solution Accelerator for Business Desktop Deployment (BDD).
906 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,958 questions
{count} votes

1 answer

Sort by: Most helpful
  1. VenkateshDodda-MSFT 21,976 Reputation points Microsoft Employee
    2023-12-18T14:52:37.0066667+00:00

    @Michał Jełowicki looks like you haven't shared the complete template, and you have couple other dependencies like data factory etc.,.
    I would suggest you retry the deployment by making the below changes and let us know you if are still facing the issues.

    • Remove the resource block Microsoft.Web/sites/host@2022-09-01 which is used to list the function app keys.
    • Pass this listkeys('${resourceId('Microsoft.Web/sites', functionApp.name)}/host/default/', '2021-02-01').masterKey as secret value in this resource Microsoft.KeyVault/vaults/secrets@2022-07-01 block.
    • If are using the single template to create resource and storing secrets. I recommend you use two template one template for resource creation and other template for storing secrets and use deployment scripts to wait for few seconds and to create the secret in key vaults. Refer to learn documentation about deployment scripts.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.