# "Unable to find a tag containing the vault's name in the VMSS" Error

When using CloudGuard WAF Gateway in Azure, deploying a VMSS required the certificates to be hosted in a Key Vault. This guide explains the steps needs to be taken when a critical error on monitoring stating: "Unable to find a tag containing the vault's name in the VMSS".

**WHAT TO DO?**

1. Navigate to [portal.azure.com](http://portal.azure.com/)
2. Click on **Subscriptions** → Choose the relevant Subscription in which the CloudGuard WAF VMSS deployment is using.
3. Choose the relevant CloudGuard WAF VMSS (Virtual Machine Scale Set) and **click** on it.
4. Click on **Tags** on the right-side menu\
   ![](https://2760087783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEWA4nfgNrSRL8dA6Kap7%2Fuploads%2FiHBGZknBxLbrwfHhi7rp%2Fimage.png?alt=media\&token=c389e6bf-2edb-4758-a95d-d0e4a1b1de3b)
5. Create a new tag → Name: vault, Value: key vault name (can be found on Azure Key Vault)

   <figure><img src="https://2760087783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEWA4nfgNrSRL8dA6Kap7%2Fuploads%2FaVAg5ccV289Oat34dCNV%2Fimage.png?alt=media&#x26;token=909f3ed5-76ec-46fd-b257-69049471aaab" alt=""><figcaption></figcaption></figure>
6. Click **Apply**
7. Go back to Infinity Portal → **Enforce Policy and Publish**.