BYO SSL Cert - Azure CDN using key_vault_secret_id


azurerm_cdn_endpoint_custom_domain saw a change in AzureRM version 3.19.0 whereby key_vault_certificate_id was deprecated in favor of key_vault secret_id. My config looks like this for applying our certificate to the custom domain as recommended;

key_vault_secret_id = data.azurerm_key_vault_certificate.ssl_certificate.versionless_id

The problem I am seeing is when ever I run Terraform Apply it wants to update the SSL path in place every time which forces the SSL cert to be deleted and reapplied as shown.

~ user_managed_https {

~ key_vault_secret_id = "{secret_name}" -> "{secret_name}"

Has anyone else seen this behavior? If so, is there a workaround?