Can't deploy MySQL server – Key Vault permissions problem?

Guy 20 Reputation points
2023-05-17T13:38:08.0733333+00:00

I'm struggling to deploy a MySQL Flexible Server. It's my first attempt to use Azure and I'm finding it far from straightforward. Azure Support couldn't help and suggested I ask here.

Deploying in the Portal fails with the following error:

{
    "status": "Failed",
    "error": {
        "code": "AzureKeyVaultKeyNotFound",
        "message": "Could not find Azure Key Vault Key with key name 'https://omnivore-demo-kv.vault.azure.net/keys/omnivore-db-key/97bddf03b1a1499c9625feef165972cc'."
    }
}

Notes:

  • The vault and the key exist
  • Is it just a permissions issue?
    • The Managed Identity on the DB Server has Key Vault Secrets User permission on the KV
    • I had the same error with Reader permission
  • I pulled down the Resource Group and started from scratch in case it had become corrupted. Same thing.
  • Trying to do the same thing with CLI instead of Portal, I get 2 different errors

Hope someone can help
Thanks

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,180 questions
Azure Database for MySQL
Azure Database for MySQL
An Azure managed MySQL database service for app development and deployment.
759 questions
0 comments No comments
{count} votes

Accepted answer
  1. Konstantinos Passadis 17,456 Reputation points MVP
    2023-05-17T16:16:45.12+00:00

    Hello @Guy !

    Welcome to Microsoft QnA!

    I see you are having trouble deploying a MySQL Azure Flexible Server

    Did you went through this :

    https://learn.microsoft.com/en-us/azure/mysql/flexible-server/quickstart-create-server-portal

    How are you deploying the Server ?

    Can you please share details ?

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Guy 20 Reputation points
    2023-05-17T17:11:12.45+00:00

    @Konstantinos Passadis gave me the clue I needed.

    The Security page has an option to create a Managed Identity and a Key Vault. Turns out you don't need to do this, and it worked when I didn't.

    How to make the option work / what value it provides / why they provide it if it doesn't...I guess that remains an unanswered question!