Skip to content

Use a valid secret reference#

Operational Excellence · All resources · 2021_09

Use a valid secret reference within parameter files.


When referencing secrets in a template parameter file:

  • The secret reference must be a valid Azure resource ID Key Vault.
  • A secret name must be specified.
  • An optional secret version can be specified.


Check the secret value Key Vault reference is valid.


Configure with Azure template#

To define Azure template parameter files that pass this rule:

  • When a secret is referenced from Key Vault, provide a valid resource ID and secret name.

For example:

Azure Template snippet
    "$schema": "",
    "contentVersion": "",
    "parameters": {
        "gatewayName": {
            "value": "gateway-A"
        "sku": {
            "value": "VpnGw1"
        "subnetId": {
            "value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/GatewaySubnet"
        "sharedKey": {
            "reference": {
                "keyVault": {
                    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/kv-001"
                "secretName": "valid-secret"

Last update: 2022-10-17