I created an Azure function app with an ARM template. The function app has a system-assigned identity. The identity has an access policy with get/list rights for keys, secrets, and certificates in the key vault. I also tried it with create/update rights additionally. But it did not solve the issue.
When I try to create a function key, I get the following error message in the web portal:
Creating host key Failed to create <key name>: Encountered an error (InternalServerError) from host runtime.
This is the template of the function (from export template):
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"function_app_name": {
"defaultValue": "test-fct-app",
"type": "String"
},
"app_service_plan_id": {
"defaultValue": "/subscriptions/<subscription_id>/resourceGroups/<rg-name>/providers/Microsoft.Web/serverfarms/<app-service-plan-name>",
"type": "String"
},
"vnet_id": {
"defaultValue": "/subscriptions/<subscription_id>/resourceGroups/<rg-name>/providers/Microsoft.Network/virtualNetworks/<subnet-name>",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"name": "[parameters('function_app_name')]",
"location": "Germany West Central",
"kind": "functionapp",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"enabled": true,
"hostNameSslStates": [
{
"name": "[concat(parameters('function_app_name'), '.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Standard"
},
{
"name": "[concat(parameters('function_app_name'), '.scm.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Repository"
}
],
"serverFarmId": "[parameters('app_service_plan_id')]",
"reserved": false,
"isXenon": false,
"hyperV": false,
"siteConfig": {},
"scmSiteAlsoStopped": false,
"clientAffinityEnabled": false,
"clientCertEnabled": false,
"hostNamesDisabled": false,
"containerSize": 1536,
"dailyMemoryTimeQuota": 0,
"httpsOnly": false,
"redundancyMode": "None"
}
},
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2018-11-01",
"name": "[concat(parameters('function_app_name'), '/web')]",
"location": "Germany West Central",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('function_app_name'))]"
],
"properties": {
"numberOfWorkers": 1,
"defaultDocuments": [
"Default.htm",
"Default.html",
"Default.asp",
"index.htm",
"index.html",
"iisstart.htm",
"default.aspx",
"index.php"
],
"netFrameworkVersion": "v4.0",
"phpVersion": "5.6",
"requestTracingEnabled": false,
"remoteDebuggingEnabled": false,
"remoteDebuggingVersion": "VS2019",
"httpLoggingEnabled": false,
"logsDirectorySizeLimit": 35,
"detailedErrorLoggingEnabled": false,
"publishingUsername": "[concat('$', parameters('function_app_name'))]",
"azureStorageAccounts": {},
"scmType": "LocalGit",
"use32BitWorkerProcess": false,
"webSocketsEnabled": false,
"alwaysOn": false,
"javaVersion": "1.8",
"managedPipelineMode": "Integrated",
"virtualApplications": [
{
"virtualPath": "/",
"physicalPath": "site\wwwroot",
"preloadEnabled": false
}
],
"loadBalancing": "LeastRequests",
"experiments": {
"rampUpRules": []
},
"autoHealEnabled": false,
"vnetName": "8059ef61-4a93-4b13-bba1-e2a782a07360_function-subnet",
"cors": {
"allowedOrigins": [
"https://functions.azure.com",
"https://functions-staging.azure.com",
"https://functions-next.azure.com"
],
"supportCredentials": false
},
"localMySqlEnabled": false,
"managedServiceIdentityId": 2290,
"ipSecurityRestrictions": [
{
"ipAddress": "Any",
"action": "Allow",
"priority": 1,
"name": "Allow all",
"description": "Allow all access"
}
],
"scmIpSecurityRestrictions": [
{
"ipAddress": "Any",
"action": "Allow",
"priority": 1,
"name": "Allow all",
"description": "Allow all access"
}
],
"scmIpSecurityRestrictionsUseMain": false,
"http20Enabled": false,
"minTlsVersion": "1.2",
"ftpsState": "AllAllowed",
"reservedInstanceCount": 0
}
},
{
"type": "Microsoft.Web/sites/hostNameBindings",
"apiVersion": "2018-11-01",
"name": "[concat(parameters('function_app_name'), '/', parameters('function_app_name'), '.azurewebsites.net')]",
"location": "Germany West Central",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('function_app_name'))]"
],
"properties": {
"siteName": "[parameters('function_app_name')]",
"hostNameType": "Verified"
}
},
{
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"apiVersion": "2018-11-01",
"name": "[concat(parameters('function_app_name'), '/8059ef61-4a93-4b13-bba1-e2a782a07360_function-subnet')]",
"location": "Germany West Central",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('function_app_name'))]"
],
"properties": {
"vnetResourceId": "[concat(parameters('vnet_id'), '/subnets/function-subnet')]",
"isSwift": true
}
}
]
}
question from:
https://stackoverflow.com/questions/65919413/cannot-create-app-key-in-azure-function-app-or-azure-function-encountered-an-er 
