[AzureKeyVault] Error when adding cert to VMSS

Recently I got this error after adding a newly created KV secret containing a cert to a VMSS using PS. At first I could not make sense of it, but on a closer look it turned out to be a simple one.


Key Vault https://xxxx.vault.azure.net/secrets/certswaptest0001/defxxxxbc either has not been enabled for deployment or the vault id provided, /subscriptions/38e1xxx-xx-xx-a931-xxx/resourceGroups/certswaptestKeyVaultGroup/providers/Microsoft.KeyVault/vaults/certswaptestKeyVault, does not match the Key Vault's true resource id.

Resolution:

The key vault must be enabled for deployment to allow the compute resource provider to get certificates from it and install it on virtual machine instances:

https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-creation-via-arm  (Search for EnabledForDeployment)

You can do this in PowerShell or in the portal, as below.

New-AzureRmKeyVault -VaultName 'mywestusvault' -ResourceGroupName 'westus-mykeyvault' -Location 'West US' -EnabledForDeployment
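
The error names two possible causes, so it helps to check both before redeploying. The following is an added example, not code from the original post: the function name Test-VaultForVmssCert, the vault, resource group and secret names, and the all-zero subscription id are constructed placeholders, and the certificate URL check is an extra assumption beyond what the error text states.

```powershell
# Added example. Checks a vault object (as returned by Get-AzureRmKeyVault)
# against the values that were passed to the VMSS secret configuration.
function Test-VaultForVmssCert {
    param(
        [Parameter(Mandatory)] $Vault,                   # vault object to inspect
        [Parameter(Mandatory)] [string] $SourceVaultId,  # vault id given to the VMSS
        [Parameter(Mandatory)] [string] $CertificateUrl  # secret URL given to the VMSS
    )
    $findings = @()
    # Cause 1 in the error text: vault not enabled for deployment.
    if (-not $Vault.EnabledForDeployment) {
        $findings += 'EnabledForDeployment is not set on the vault'
    }
    # Cause 2: the supplied vault id is not the vault's real resource id.
    # -ne compares strings case-insensitively in PowerShell.
    if ($SourceVaultId.TrimEnd('/') -ne $Vault.ResourceId.TrimEnd('/')) {
        $findings += "Vault id mismatch, expected $($Vault.ResourceId)"
    }
    # Extra check (assumption): the secret URL should sit under this vault's URI.
    $base = $Vault.VaultUri.TrimEnd('/') + '/'
    if (-not $CertificateUrl.StartsWith($base, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "Certificate URL is not under $base"
    }
    return ,$findings
}

# Constructed sample: flag disabled and the wrong resource group in the id.
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'
$sampleVault = [pscustomobject]@{
    ResourceId           = "$sub/resourceGroups/example-rg/providers/Microsoft.KeyVault/vaults/examplevault"
    VaultUri             = 'https://examplevault.vault.azure.net/'
    EnabledForDeployment = $false
}
$issues = Test-VaultForVmssCert -Vault $sampleVault `
    -SourceVaultId "$sub/resourceGroups/other-rg/providers/Microsoft.KeyVault/vaults/examplevault" `
    -CertificateUrl 'https://examplevault.vault.azure.net/secrets/examplecert/0123'
$issues | ForEach-Object { Write-Output "FAIL: $_" }

# Against a real subscription (AzureRM module, after Login-AzureRmAccount):
#   $vault = Get-AzureRmKeyVault -VaultName '<vault>' -ResourceGroupName '<rg>'
#   Test-VaultForVmssCert -Vault $vault -SourceVaultId '<id>' -CertificateUrl '<url>'
# To enable the flag on an existing vault instead of creating a new one:
#   Set-AzureRmKeyVaultAccessPolicy -VaultName '<vault>' -ResourceGroupName '<rg>' -EnabledForDeployment
```

An empty result means none of the three checks failed for the values supplied.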