azure-cli: az keyvault list does not show newly created key vault

This is autogenerated. Please review and update as needed.

Describe the bug

az keyvault list does not show newly created key vault

Command Name az keyvault list

Errors: empty list when the key vault should be listed

[]

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  1. Create a new key vault via CLI: az keyvault create -g {rg} -n {vault name}
  2. List key vaults in the resource group: az keyvault list -g {rg}

This gives an empty result: []

However, show does work and give the details of the key vault: az keyvault show -g {rg} -n {vault name}

Expected Behavior

Key vault information should be shown

Environment Summary

Windows-10-10.0.22000-SP0
Python 3.10.5
Installer: MSI

azure-cli 2.38.0 *

Extensions:
aks-preview 0.5.91
containerapp 0.3.7
storage-preview 0.8.3

Dependencies:
msal 1.18.0b1
azure-mgmt-resource 21.1.0b1

Additional Context

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 24 (4 by maintainers)

Most upvoted comments

Reopening based on experience of @tylercarper and @rkisliak

+1
mmckechney on Dec 7, 2022

@navba-MSFT

I have the same issue. I create new KeyVaults in a pipeline using: az keyvault create --name <kv_name> --resource-group <rg_name> --enable-rbac-authorization <bool> And I am able to see KeyVault in UI (Azure Portal), but CLI commands like: az keyvault list or az keyvault show --name <kv_name> shows nothing, but only after 20-30 min (sometimes less, sometimes more) I see the correct output.

@tylercarper perhaps any luck to fix or workaround already? 😃

+1
rkisliak on Dec 7, 2022

In our org, we are hitting this quite frequently. We have a pipeline for putting up dev clusters that creates keyvaults in one step and later verifies existence with az keyvault list.

We create the keyvault (into an also newly created resourceGroup) with: az keyvault create --name $keyVaultName --resource-group $resourceGroupName --location $configLocationName

Later we run and see exactly the behavior that @mmckechney describes: az keyvault list --subscription $azureSubscriptionId --resource-group $resourceGroupName returns: []

Occasionally, az keyvault list will update immediately and we see the new kv. but (seemingly) more and more often, we see it take hours (sometimes a full day) to return the keyvault from az keyvault list

In out case, using az keyvault show seems like a more reliable way to test for the key vaults existence.

+1
tylercarper on Sep 30, 2022
Read more comments on GitHub
← azure-cli: az identity create returns for created in AD
azure-cli: "az keyvault secret set" failed with error "Max retries exceeded attempting to connect to vault" →