Key Vault Error: An error occurred while creating the secret ‘secret-name’.

Posted: March 3, 2025  |  Categories: Azure

This week, while trying to create a missing Key Vault secret for an ongoing project, I got a strange generic error saying:

An error occurred while creating the secret ‘secret-name’.

Cause

There are a few common reasons, some of them really obvious, for this error to occur:

  • Unique Secret Name: Secret names must be unique within a Key Vault. If you already have a secret with a given name, say ‘maxPeriod’, creating another secret with that name does not fail and does not create a second object; it silently adds a new version of the existing secret.
    • So, yes, we must ensure that our name is unique within the Key Vault. But that was not my case, since the secret didn’t exist!
  • Hidden or Reserved Names: Some names are already taken by objects you do not see in the Secrets list. For instance, when you create a certificate object in your Key Vault, an addressable key and secret with the same name are created alongside it (the secret carries the certificate with its private key), so a standalone secret with that name cannot be created.
    • But that was not the case here, either.
  • Permissions and Access: We must ensure we have the necessary permissions to create secrets in the Key Vault. If your access policy (or, for RBAC-enabled vaults, your role assignment) does not allow the Set operation on secrets, the request fails.
    • Once again, that was not the case: the Create a secret blade opened normally, and a permissions problem surfaces earlier with a different error. I had also previously created other secrets in this vault.

Now, the other common reason is related to the soft-delete behavior in Key Vault:

  • If a secret with that name was previously deleted, it still exists in a soft-deleted state for the vault’s retention period (7 to 90 days), and the name stays reserved until it is purged or recovered. In this case, you would need to either:
    • Purge the deleted secret before creating a new one with the same name (this is permanent, requires the purge permission on secrets, and is refused while purge protection is enabled on the vault);
    • Or recover the secret from the soft-deleted state, which brings it back together with all of its previous versions.

Soft delete is enabled by default on new key vaults, and the option to turn it off in the Azure Portal has been removed. For a limited time you can still create a new key vault with soft delete off via CLI / PowerShell / REST API, but Microsoft is retiring that ability as well, so treat soft delete as always on and plan for it in your automation.

In fact, it was because of this soft-delete behavior that I was getting the error. Once I accessed the Manage deleted secrets panel, I realized that the secret I was trying to create had been deleted, unintentionally or not, by someone previously.

Solution

Resolving this issue is quite simple. For that, we need to:

  • Access your Key Vault inside the Azure Portal and then click on the Objects > Secrets option.
  • Then, from the top menu, select the Manage deleted secrets option.

From the Manage deleted secrets panel, we can either:

  • Purge the deleted secret before creating a new one with the same name. You can accomplish that by selecting the secret or secrets you want to permanently delete and then clicking the Purge button. Purging is irreversible, needs the purge permission on secrets, and is not available while the vault has purge protection enabled; in that case, recover the secret and add a new version instead.
  • Or recover the secret from the soft-deleted state by clicking the Recover button. Recovery restores the previous versions too, so if the secret was deleted because its value was compromised, immediately create a new version with a fresh value (or purge instead) rather than keeping the old one in circulation.
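The same check-then-recover-or-purge procedure, scripted so that automation does not trip over a soft-deleted name. This is an added example for this post and not the author's code; it uses the Azure SDK for Python data-plane client (azure-keyvault-secrets with azure-identity) for the live run only, and the names plan_action, ensure_secret, FakeSecretClient, SAMPLE_DELETED and the KEY_VAULT_URL environment variable are assumptions of this example. It also covers the case the portal steps cannot: a vault with purge protection, where purge is refused and recovery is the only way forward.

```python
"""Create a Key Vault secret whose name may be blocked by a soft-deleted one.

Added example for this post, not the author's code. The azure-keyvault-secrets
and azure-identity packages (pip install azure-keyvault-secrets azure-identity)
are needed only for the live run under __main__; everything else runs offline
against the constructed FakeSecretClient below. KEY_VAULT_URL is an assumed
environment-variable name.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass
class DeletedSecretInfo:
    name: str
    deleted_date: datetime
    scheduled_purge_date: datetime  # end of the retention period; the service purges it after this


def plan_action(deleted: Optional[DeletedSecretInfo], policy: str, purge_protection: bool) -> str:
    """Decide what has to happen before set_secret() can succeed.

    policy 'recover' keeps the old object and its previous versions and adds a new
    version; policy 'purge' destroys the old object first so the new secret starts
    with a clean history (use it when the old value was compromised).
    """
    if policy not in ("recover", "purge"):
        raise ValueError(f"unknown policy {policy!r}")
    if deleted is None:
        return "create"  # nothing soft-deleted: set_secret creates it (or a new version if it is live)
    if policy == "purge" and not purge_protection:
        return "purge"
    # Purge protection rejects a manual purge until scheduled_purge_date, but recovery
    # still works, so recover and overwrite instead of waiting out the retention period.
    return "recover"


def find_deleted(client, name: str) -> Optional[DeletedSecretInfo]:
    """Look the name up in the vault's deleted-secrets list (needs the list permission)."""
    for item in client.list_deleted_secrets():
        if item.name == name:
            return DeletedSecretInfo(item.name, item.deleted_date, item.scheduled_purge_date)
    return None


def ensure_secret(client, name: str, value: str, policy: str = "recover", purge_protection: bool = False) -> str:
    """Run the plan and then set the secret; returns the action that was taken."""
    action = plan_action(find_deleted(client, name), policy, purge_protection)
    if action == "recover":
        client.begin_recover_deleted_secret(name).wait()  # poller: wait until the object is usable again
    elif action == "purge":
        client.purge_deleted_secret(name)  # irreversible; needs the purge permission on secrets
    client.set_secret(name, value)
    return action


# ---- constructed offline stand-in for azure.keyvault.secrets.SecretClient ----
class FakePoller:
    def wait(self) -> None:
        pass


@dataclass
class FakeSecretClient:
    """Records the data-plane calls instead of talking to Azure."""
    deleted: list = field(default_factory=list)
    calls: list = field(default_factory=list)

    def list_deleted_secrets(self):
        return list(self.deleted)

    def begin_recover_deleted_secret(self, name):
        self.calls.append(("recover", name))
        self.deleted = [d for d in self.deleted if d.name != name]
        return FakePoller()

    def purge_deleted_secret(self, name):
        self.calls.append(("purge", name))
        self.deleted = [d for d in self.deleted if d.name != name]

    def set_secret(self, name, value):
        self.calls.append(("set", name))


# Constructed sample: 'secret-name' was deleted on 28 Feb 2025 with 90-day retention.
SAMPLE_DELETED = DeletedSecretInfo(
    "secret-name",
    datetime(2025, 2, 28, tzinfo=timezone.utc),
    datetime(2025, 5, 29, tzinfo=timezone.utc),
)


if __name__ == "__main__":
    import os
    import sys

    vault_url = os.environ.get("KEY_VAULT_URL")  # e.g. https://<vault-name>.vault.azure.net/
    if vault_url:
        from azure.identity import DefaultAzureCredential
        from azure.keyvault.secrets import SecretClient

        client = SecretClient(vault_url=vault_url, credential=DefaultAzureCredential())
        value = sys.stdin.readline().rstrip("\n")  # read from stdin so the value never lands in argv
        print(ensure_secret(client, sys.argv[1], value, policy="recover"))
    else:
        client = FakeSecretClient(deleted=[SAMPLE_DELETED])
        print(ensure_secret(client, "secret-name", "dry-run"), client.calls)
```

Run it as `echo "new-value" | KEY_VAULT_URL=https://<vault-name>.vault.azure.net/ python ensure_secret.py secret-name` with an identity that holds list, recover, purge (if you use the purge policy) and set permissions on secrets; without KEY_VAULT_URL it performs a dry run against the fake client. The value is read from stdin rather than the command line so it does not show up in the process list or shell history.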

I hope you find this helpful! If you liked the content or found it useful and want to help me write more, you can buy (or help me buy) my son a Star Wars Lego! 

Author: Sandro Pereira

Sandro Pereira lives in Portugal and works as a consultant at DevScope. In the past years, he has been working on implementing Integration scenarios both on-premises and cloud for various clients, each with different scenarios from a technical point of view, size, and criticality, using Microsoft Azure, Microsoft BizTalk Server and different technologies like AS2, EDI, RosettaNet, SAP, TIBCO etc. He is a regular blogger, international speaker, and technical reviewer of several BizTalk books all focused on Integration. He is also the author of the book “BizTalk Mapping Patterns & Best Practices”. He has been awarded MVP since 2011 for his contributions to the integration community.
