[AzureKeyVault] Error when adding cert to VMSS
Recently I had this error after adding newly created KV secret having cert to VMSS using PS. First I did not get sense out of this, but on close look it turns to be a simpler one.
Key Vault https://xxxx.vault.azure.net/secrets/certswaptest0001/defxxxxbc either has not been enabled for deployment or the vault id provided, /subscriptions/38e1xxx-xx-xx-a931-xxx/resourceGroups/certswaptestKeyVaultGroup/providers/Microsoft.KeyVault/vaults/certswaptestKeyVault, does not match the Key Vault's true resource id.
The key vault must be enabled for deployment to allow the compute resource provider to get certificates from it and install it on virtual machine instances:
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-creation-via-arm (Search for EnabledForDeployment)
you can try this in PS or portal as below.
New-AzureRmKeyVault -VaultName 'mywestusvault' -ResourceGroupName 'westus-mykeyvault' -Location 'West US' –EnabledForDeployment