Hello everyone I am using Pulumi Azure Native (all...
# azure
s
Hello everyone, I am using Pulumi Azure Native (all C#) and trying to add a certificate from a key vault to my Managed container apps environment. This is doable via Portal and seems fairly straightforward; however, when I try to do it through Pulumi I get nothing. Running `up --json` seems to generate a `customDomainVerificationId` and no errors, but the certificate never appears and isn't in the deployed template. I'm using this for the args passed in to the Managed Environment:
```csharp
this._args.CustomDomainConfiguration = new CustomDomainConfigurationArgs
{
    CertificateKeyVaultProperties = new CertificateKeyVaultPropertiesArgs
    {
        KeyVaultUrl = "https://<vault_name>.vault.azure.net/secrets/<secret_name>",
        Identity = "/subscriptions/<sub_id>/resourcegroups/<rg_name>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<user_assigned_identity_name>",
    },
};
```
What am I missing?
g
Does the `Identity` you specify have `get` permissions on the Key Vault secret? Make sure this identity is assigned to the Managed Environment and has the correct access policy in Key Vault.
s
Yes, it's a global managed identity with all the permissions. Also I'd expect a 403 in that case, probably.
Thanks, I was able to get to the needed resource. Unfortunately, this appears to be a Pulumi bug and this isn't the right way to set up a managed cert under a Container App Environment, and there isn't an actual supported workflow in Pulumi. At least now I understand why sending this in results in no action and empty property sets.