Hi everyone, I'm trying to set the

keyVaultReferenceIdentity

in

siteConfig

for a web app so that I can use user assigned identities to access Key Vault using Key Vault references, but it seems the

azure-native

provider is not setting the value, even though it's visible in the details. The

keyVaultReferenceIdentity

a level higher is set just fine, but this apparently doesn't work for Key Vault references. These are the details of an update (creates do the same):

~ azure-native:web/v20231201:WebApp: (update)
        [id=/subscriptions/xxxx/resourceGroups/rg-xxxx/providers/Microsoft.Web/sites/xxxx]
        [urn=urn:pulumi:xxxx::xxxx::azure-native:web/v20231201:WebApp::xxxx]
        [provider=urn:pulumi:xxxx::xxxx::pulumi:providers:azure-native::default_2_44_0::af1c16d8-44c1-4aab-9b0d-754e9e80f7bb]
      ~ siteConfig: {
          ~ keyVaultReferenceIdentity: "eae0db42-a48a-4902-af7d-f837133adc03" => "/subscriptions/xxxx/resourcegroups/rg-odin-dev4/providers/Microsoft.ManagedIdentity/userAssignedIdentities/xxxx"
        }

But if I use

az webapp show

after applying the update,

keyVaultReferenceIdentity

is still `null`:

az webapp show -g xxxx -n xxxx --query siteConfig

{
  ...
  "keyVaultReferenceIdentity": null,
  ...
}

I am using the following code to create the web app:

var args = new WebAppArgs
{
	...
	SiteConfig = new SiteConfigArgs
	{
        ...
        KeyVaultReferenceIdentity = keyVaultUserAssignedIdentity.Id,
		...
	},
	KeyVaultReferenceIdentity = keyVaultUserAssignedIdentity.Id,
	...,
    Identity = new ManagedServiceIdentityArgs
	{
		Type = ManagedServiceIdentityType.UserAssigned,
		UserAssignedIdentities = new List<Output<string>>
		{
			acrPullUserAssignedIdentityId,
			keyVaultUserAssignedIdentity.Id
		}
	}
};

var webApp = new Pulumi.AzureNative.Web.V20231201.WebApp(configuration.Name, args);

Am I doing something wrong or should I file a bug report for this?