Can't deploy MySQL server – Key Vault permissions problem?

Question

I'm struggling to deploy a MySQL Flexible Server. It's my first attempt to use Azure and I'm finding it far from straightforward. Azure Support couldn't help and suggested I ask here.

Deploying in the Portal fails with the following error:

{
    "status": "Failed",
    "error": {
        "code": "AzureKeyVaultKeyNotFound",
        "message": "Could not find Azure Key Vault Key with key name 'https://omnivore-demo-kv.vault.azure.net/keys/omnivore-db-key/97bddf03b1a1499c9625feef165972cc'."
    }
}

Notes:

• The vault and the key exist
• Is it just a permissions issue?
  • The Managed Identity on the DB Server has Key Vault Secrets User permission on the KV
  • I had the same error with Reader permission
• I pulled down the Resource Group and started from scratch in case it had become corrupted. Same thing.
• Trying to do the same thing with CLI instead of Portal, I get 2 different errors

Hope someone can help
Thanks

Answer 1

Hello @Guy !

Welcome to Microsoft QnA!

I see you are having trouble deploying a MySQL Azure Flexible Server

Did you went through this :

https://learn.microsoft.com/en-us/azure/mysql/flexible-server/quickstart-create-server-portal

How are you deploying the Server ?

Can you please share details ?

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards

Answer 2

@Konstantinos Passadis gave me the clue I needed.

The Security page has an option to create a Managed Identity and a Key Vault. Turns out you don't need to do this, and it worked when I didn't.

How to make the option work / what value it provides / why they provide it if it doesn't...I guess that remains an unanswered question!