azure-functions-core-tools: KeyVaultReferencesManager throws an error when provided a null config item

When KeyVaultReferencesManager attempts to match config items with the Key Vault Reference format it can result in a cryptic error being thrown Key Vault Reference format invalid:

The following is an example from a newly created empty function app

local.settings.json

{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "UseDevelopmentStorage=true",
    "FUNCTIONS_WORKER_RUNTIME": "dotnet",
    "test": null
  }
}

On Debug

Azure Functions Core Tools
Core Tools Version:       3.0.4378 Commit hash: N/A  (64-bit)
Function Runtime Version: 3.4.2.0

[2022-03-17T01:43:06.010Z] Found C:\***\NullValueFunction\NullValueFunction.csproj. Using for user secrets file configuration.
Key Vault Reference format invalid:
Press any key to continue....

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 22 (5 by maintainers)

Most upvoted comments

Just encountered this as well. For me the workaround was to remove all properties which are initialized with null values in appsettings.json, like this line: image When i removed it, it’s all good and at least the function starts,

This should have been rolled back for both v4 and v3. The rolled back versions for Core Tools are 4.0.3971 and 3.0.3904.

Try deleting these folders and restarting VS to force it to update:

For v3:

C:\Users\ <user name> \AppData\Local\AzureFunctionsTools\Tags\v3 C:\Users\ <user name> \AppData\Local\AzureFunctionsTools\Releases\3.32.0

For v4:

C:\Users\ <user name> \AppData\Local\AzureFunctionsTools\Tags\v4 C:\Users\ <user name> \AppData\Local\AzureFunctionsTools\Releases\4.11.0

Thanks, that cleared up the problem. Both V3 and V4 function runtimes are working again.

In my environment, the same phenomenon occurred when the contents of ConnectionStrings are nested.

e.g.)

  "ConnectionStrings": {
    "SqlDatabase": {
      "DatabaseConnectionString": "ConnectionString"
    }
  },

In this case,I confirmed the operation by rewriting as follows:

  "ConnectionStrings": {
    "SqlDatabase:DatabaseConnectionString": "ConnectionString"
  },

I do a similar thing and ya this has totally broken our code. It does work if you have the guid after the secret name, but no one wants to have keep track of the secret guid version, please roll this change back…

Thanks for the report folks, we’ll get this addressed as soon as we can. I can repro the error behavior for both null and a valid keyvault string - I tested with the example here

@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)

One question for @j0hnth0m - when you say “yes they were working before”, I assume you just mean they didn’t block func start, right? AFAIK, core tools wouldn’t actually use keyvault references in the previous behavior

This started happening recently as well.

Workaround was to remove the keyvault references in the local.settings.json (yes they were working before). But that means I have to replace with actual “secret” values which is not acceptable.

func.exe output…

Azure Functions Core Tools
Core Tools Version:       4.0.4385 Commit hash: N/A  (64-bit)
Function Runtime Version: 4.1.3.17473

[2022-03-17T19:25:36.438Z] Found c:\work\sig\azure\functionsapps\fa-config-test\***Azure.ConfigTest\***Azure.ConfigTest.csproj. Using for user secrets file configuration.
Key Vault Reference format invalid: @Microsoft.KeyVault(SecretUri=https://***...)
Press any key to continue....

Is there any workaround to get rid of this problem?