I have an ASP.NET (.NET 6) application hosted within an Linux app service plan. I'm attempting to reference a Key Vault secret within the configuration settings using the following syntax: @Microsoft.KeyVault(SecretUri=https://redacted.vault.azure.net/secrets/test/version)

However, I just get a red-cross next to the setting inside Configuation blade in the Azure Portal. If I open up the setting, then I get no further information about the issue.

Here's what I have done so far:

• Followed the instructions at https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
• I have used the 'Key Vault Application Settings Diagnostics' tool inside the 'Diagnose and solve problems' blade; this told me everything was fine with green ticks across multiple checks EXCEPT at the bottom it came up with the following amber warning with no further information:-

Uncategorized issues found

• I have configured the ap service managed identity and given the appropriate permissions to the principal inside Key Vault
• I have enabled 'Allow access from trusted Microsoft services' inside the Key Vault firewall.

CodePudding user response：

The solution was to add the outbound IP addresses of my app service to the Key Vault firewall, as 'Allow trusted Microsoft services to bypass this firewall' was not enough because app services are not trusted services.

CodePudding user response：

Adding so I can have some Internet Points

I don't think that Allow Trusted Microsoft Services is not enough to bypass the firewall for your app service:

https://azidentity.azurewebsites.net/post/2019/01/03/key-vault-firewall-access-by-azure-app-services