azure-functions-core-tools: KeyVaultReferencesManager throws an error when provided a null config item

When KeyVaultReferencesManager attempts to match config items with the Key Vault Reference format it can result in a cryptic error being thrown Key Vault Reference format invalid:

The following is an example from a newly created empty function app

local.settings.json

{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "UseDevelopmentStorage=true",
    "FUNCTIONS_WORKER_RUNTIME": "dotnet",
    "test": null
  }
}

On Debug

Azure Functions Core Tools
Core Tools Version:       3.0.4378 Commit hash: N/A  (64-bit)
Function Runtime Version: 3.4.2.0

[2022-03-17T01:43:06.010Z] Found C:\***\NullValueFunction\NullValueFunction.csproj. Using for user secrets file configuration.
Key Vault Reference format invalid:
Press any key to continue....

About this issue

Original URL
State: closed
Created 2 years ago
Reactions: 1
Comments: 22 (5 by maintainers)

Most upvoted comments

Just encountered this as well. For me the workaround was to remove all properties which are initialized with null values in appsettings.json, like this line: When i removed it, it’s all good and at least the function starts,

k-krupka on Mar 17, 2022

This should have been rolled back for both v4 and v3. The rolled back versions for Core Tools are 4.0.3971 and 3.0.3904.

Try deleting these folders and restarting VS to force it to update:

For v3:

C:\Users\ <user name> \AppData\Local\AzureFunctionsTools\Tags\v3 C:\Users\ <user name> \AppData\Local\AzureFunctionsTools\Releases\3.32.0

For v4:

C:\Users\ <user name> \AppData\Local\AzureFunctionsTools\Tags\v4 C:\Users\ <user name> \AppData\Local\AzureFunctionsTools\Releases\4.11.0

Thanks, that cleared up the problem. Both V3 and V4 function runtimes are working again.

j0hnth0m on Mar 21, 2022

In my environment, the same phenomenon occurred when the contents of ConnectionStrings are nested.

e.g.)

  "ConnectionStrings": {
    "SqlDatabase": {
      "DatabaseConnectionString": "ConnectionString"
    }
  },

In this case,I confirmed the operation by rewriting as follows:

  "ConnectionStrings": {
    "SqlDatabase:DatabaseConnectionString": "ConnectionString"
  },

Ovis on Mar 18, 2022

I do a similar thing and ya this has totally broken our code. It does work if you have the guid after the secret name, but no one wants to have keep track of the secret guid version, please roll this change back…

j03INTHECLOUD on Mar 17, 2022

Thanks for the report folks, we’ll get this addressed as soon as we can. I can repro the error behavior for both null and a valid keyvault string - I tested with the example here

@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)

One question for @j0hnth0m - when you say “yes they were working before”, I assume you just mean they didn’t block func start, right? AFAIK, core tools wouldn’t actually use keyvault references in the previous behavior

ejizba on Mar 17, 2022

This started happening recently as well.

Workaround was to remove the keyvault references in the local.settings.json (yes they were working before). But that means I have to replace with actual “secret” values which is not acceptable.

func.exe output…

Azure Functions Core Tools
Core Tools Version:       4.0.4385 Commit hash: N/A  (64-bit)
Function Runtime Version: 4.1.3.17473

[2022-03-17T19:25:36.438Z] Found c:\work\sig\azure\functionsapps\fa-config-test\***Azure.ConfigTest\***Azure.ConfigTest.csproj. Using for user secrets file configuration.
Key Vault Reference format invalid: @Microsoft.KeyVault(SecretUri=https://***...)
Press any key to continue....

j0hnth0m on Mar 17, 2022

Is there any workaround to get rid of this problem?

ErosZZH on Mar 17, 2022