Share via

Azure App Settings using Secret From Key Vault

Marcos de Almeida 1 Reputation point
2022-06-29T11:14:51.873+00:00

Hello,

I need some help to solve this.

I set mongodb url string as a secret on Key Vault, and referer that on my Azure App Setting doesn't start and show this error:

Blockquote
2022-06-29T11:03:08.808653246Z Unhandled exception. MongoDB.Driver.MongoConfigurationException: The connection string '@Microsoft.KeyVault(SecretUri=https://kvault-sennit.vault.azure.net/secrets/squidex-mongodb-string/72bc4a428803424d8376974e3962fe82/)' is not valid.

But if I use the connection string as a normal string in APP Settings workes very well, it looks like some Key Vault Secret import error..

Azure Key Vault
Azure Key Vault

An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Azure App Service
Azure App Service

Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bruno Lucas 4,436 Reputation points
    2022-06-29T21:55:24.833+00:00

    Hi @Marcos de Almeida ,

    @JamesTran-MSFT is right. I overlooked your secret path.

    If you copy from here (image below), you will get something like :

    https://domain.vault.azure.net/secrets/SQLConnectionString/38d645aff36b40d1bf22aad1c386f883

    just remove the last bit and add to the reference

    @Microsoft.KeyVault(SecretUri=https://domain.vault.azure.net/secrets/SQLConnectionString/)

    216254-image.png

    1 person found this answer helpful.
    0 comments
  2. James Tweedie-Long 0 Reputation points
    2025-07-11T09:22:53.4366667+00:00

    If you look at the Azure App Setting, is there a red X next to the KeyVault source, or a green tick?

    I've just experienced the same error, and in my case it turned out the app did not have access to the KeyVault secret.

    User's image

    User's image

    0 comments
  3. JamesTran-MSFT 37,246 Reputation points Microsoft Employee Moderator
    2022-06-29T16:28:44.417+00:00

    @Marcos de Almeida
    Thank you for your post!

    Error Message:
    The connection string '@Microsoft.KeyVault(SecretUri=https://kvault-sennit.vault.azure.net/secrets/squidex-mongodb-string/72bc4a428803424d8376974e3962fe82/)' is not valid.

    From your error and based off our App Service documentation, since the Secret version is optional, can you see if setting the SecretUri to @Microsoft.KeyVault(SecretUri=https://kvault-sennit.vault.azure.net/secrets/squidex-mongodb-string/ resolves your issue?
    216119-image.png

    Reference syntax
    216197-image.png

    Example References: 

    @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)  
@Microsoft.KeyVault(VaultName=myvault;SecretName=mysecret)

    If you're still having issues, can you share any screenshots or documentation that you're following?
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

  4. Bruno Lucas 4,436 Reputation points
    2022-06-29T12:07:59.687+00:00

    Hi @Marcos de Almeida ,
    Based on that error your code didn't get to the point to resolve the Vault reference.
    It could be syntax, or a vault policy or a library/app version confusion.

    Are you getting this error in Azure or Visual Studio?

    if it is Visual studio, can you share the code? Are you adding the Vault secret path to local.settings.json?
    https://learn.microsoft.com/en-us/answers/questions/824221/how-to-use-key-vault-references-for-azure-function.html

    if it is deployed in the azure function, do you have only the path? Without any quotes? Do you see the vault validation icon?

    216163-image.png

    If you edit direct in azure, the value should have no quotes: @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)

    Here it's a good article:
    https://devkimchi.com/2020/04/30/3-ways-referencing-azure-key-vault-from-azure-functions/

    Could also be you need to update a nuget?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.