which makes it impossible to create the keyvault key and enable the customer-key encryption at the same within one ARM template, cause we cannot use the ARM function "reference" to reference the key we created and extract the dynamically generated version number. The "reference" function cannot be used in variables definition, resource name and types.
I found if we need to enable the customer key encryption for the PostgreSQL database, the "serverKeyName" must be in this format: "KeyvaultName_keyName_keyVersion". https://github.com/Azure/azure-postgresql/blob/0b28059c849fef7864b3b1b556f5e3a2ce69524f/arm-templates/ExampleWithDataEncryption/template.json#L36-L38
which makes it impossible to create the keyvault key and enable the customer-key encryption at the same within one ARM template, cause we cannot use the ARM function "reference" to reference the key we created and extract the dynamically generated version number. The "reference" function cannot be used in variables definition, resource name and types.
https://github.com/Azure/azure-postgresql/blob/0b28059c849fef7864b3b1b556f5e3a2ce69524f/arm-templates/ExampleWithDataEncryption/template.json#L90-L102
Questions: How to create the keyvault key and enable the customer-key encryption at the same time within one ARM template?
Thanks.