Function app with a key vault for secrets and referencing a secret from another keyvault

FunctionWithSecrets.arm

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "skuName": {
      "type": "string",
      "defaultValue": "F1",
      "allowedValues": [
        "F1",
        "D1",
        "B1",
        "B2",
        "B3",
        "S1",
        "S2",
        "S3",
        "P1",
        "P2",
        "P3",
        "P4"
      ]
    },
    "skuCapacity": {
      "type": "int",
      "defaultValue": 1,
      "minValue": 1,
      "metadata": {
        "description": "Plan instance count"
      }
    },
    "websiteName": {
      "type": "string",
      "defaultValue": "myWebSite"
    },
    "ADTenantId": {
      "type": "string"
    },
    "sharedKeyVaultRG": {
      "type": "string",
      "defaultValue": "[resourceGroup().name]"
    },
    "SharedKeyVaultName": {
      "type": "string"
    },
    "SecretName": {
      "type": "string"
    }
  },
  "variables": {
    "storageConnectionString": "[concat(parameters('websiteName') , 'storageConnection')]",
    "keyVaultName": "[concat(parameters('websiteName') ,'vault')]",
    "hostingPlanName": "[concat(parameters('websiteName'),'-plan-', uniquestring(resourceGroup().id))]",
    "storageAccountName": "[concat(uniquestring(resourceGroup().id), 'azfunctions')]",
    "storageAccountid": "[concat(resourceGroup().id,'/providers/','Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]"
  },
  "resources": [
    {
      "name": "[variables('keyVaultName')]",
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2016-10-01",
      "location": "West Europe",
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites/', parameters('webSiteName'))]"
      ],
      "properties": {
        "tenantId": "[parameters('ADTenantId')]",
        "sku": {
          "family": "A",
          "name": "standard"
        },
        "accessPolicies": [
          {
            "tenantId": "[reference(concat('Microsoft.Web/sites/', parameters('webSiteName')), '2018-02-01', 'Full').identity.tenantId]",
            "objectId": "[reference(concat('Microsoft.Web/sites/', parameters('webSiteName')), '2018-02-01', 'Full').identity.principalId]",
            "permissions": {
              "keys": [],
              "secrets": ["get"],
              "certificates": [],
              "storage": []
            }
          }
        ],
        "enabledForTemplateDeployment": true
      }
    },
    {
      "name": "[concat(variables('keyVaultName'), '/', variables('storageConnectionString'))]",
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2018-02-14",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults/', variables('keyVaultName'))]",
        "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
      ],
      "properties": {
        "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-06-15').key1)]"
      }
    },
    {
      "apiVersion": "2015-08-01",
      "name": "[variables('hostingPlanName')]",
      "type": "Microsoft.Web/serverfarms",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "[parameters('skuName')]",
        "capacity": "[parameters('skuCapacity')]"
      },
      "properties": {
        "name": "[variables('hostingPlanName')]"
      }
    },
    {
      "apiVersion": "2018-02-01",
      "name": "[parameters('webSiteName')]",
      "type": "Microsoft.Web/sites",
      "kind": "functionapp",
      "location": "[resourceGroup().location]",
      "identity": {
        "type": "SystemAssigned"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverFarms/', variables('hostingPlanName'))]",
        "[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]"
      ],
      "properties": {
        "name": "[parameters('webSiteName')]",
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]"
      },
      "resources": [
        {
          "name": "appSettings",
          "type": "config",
          "apiVersion": "2015-08-01",
          "dependsOn": [
            "[resourceId('Microsoft.Web/Sites/', parameters('webSiteName'))]",
            "[resourceId('Microsoft.KeyVault/vaults/', variables('keyVaultName'))]",
            "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyVaultName'), variables('storageConnectionString'))]"
          ],
          "properties": {
            "AzureWebJobsStorage": "[concat('@Microsoft.KeyVault(SecretUri=', reference(resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyVaultName'), variables('storageConnectionString'))).secretUriWithVersion, ')')]",
            "ValueFromSharedKeyVault": "[concat('@Microsoft.KeyVault(SecretUri=', reference(resourceId(parameters('sharedKeyVaultRG'),'Microsoft.KeyVault/vaults/secrets', parameters('SharedKeyVaultName'), parameters('SecretName')), '2016-10-01').secretUriWithVersion, ')')]"
          }
        }
      ]
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "name": "[variables('storageAccountName')]",
      "apiVersion": "2015-06-15",
      "location": "[resourceGroup().location]",
      "properties": {
        "accountType": "Standard_LRS"
      }
    }
  ],
  "outputs": {
      "managedIdentity" : {
        "type": "object",
        "value": {
          "tenantId" : "[reference(concat('Microsoft.Web/sites/', parameters('webSiteName')), '2018-02-01', 'Full').identity.tenantId]",
          "principalId" : "[reference(concat('Microsoft.Web/sites/', parameters('webSiteName')), '2018-02-01', 'Full').identity.principalId]"
        }
      }
  }
}