diff --git a/src/Sql/Sql.Test/ScenarioTests/AuditTests.ps1 b/src/Sql/Sql.Test/ScenarioTests/AuditTests.ps1
index cd6c4b4e0060..c5338496b6bd 100644
--- a/src/Sql/Sql.Test/ScenarioTests/AuditTests.ps1
+++ b/src/Sql/Sql.Test/ScenarioTests/AuditTests.ps1
@@ -869,7 +869,7 @@ function Test-AuditOnDatabase
 Assert-AreEqual 0 $policy.AuditAction.Length
 Assert-Null $policy.PredicateExpression
 Assert-Null $policy.StorageAccountResourceId
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify event hub auditing policy is disabled.
@@ -966,7 +966,7 @@ function Test-AuditOnDatabase
 Assert-AreEqual 0 $policy.AuditAction.Length
 Assert-AreEqual "" $policy.PredicateExpression
 Assert-Null $policy.StorageAccountResourceId
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify event hub auditing policy is enabled.
@@ -995,7 +995,7 @@ function Test-AuditOnDatabase
 # Verify storage auditing policy is disabled.
 Assert-AreEqual "Disabled" $policy.BlobStorageTargetState
 Assert-Null $policy.StorageAccountResourceId
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify event hub auditing policy is enabled.
@@ -1021,7 +1021,7 @@ function Test-AuditOnDatabase
 # Verify storage auditing policy is disabled.
 Assert-AreEqual "Disabled" $policy.BlobStorageTargetState
 Assert-Null $policy.StorageAccountResourceId
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify log analytics auditing policy is disabled.
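Review bot: Every updated assertion in Test-AuditOnDatabase, Test-RemoveAuditOnDatabase, Test-AuditOnServer and Test-RemoveAuditOnServer checks only the new default (`Assert-AreEqual "None" $policy.StorageKeyType`) on a policy whose `StorageAccountResourceId` is null, so none of the visible hunks pins the case the enum change could disturb: a policy with storage auditing enabled and an explicit key type. If the rest of these functions does not already cover it, add an assertion such as `Assert-AreEqual "Secondary" $policy.StorageKeyType` after a policy is set with the secondary key, so that a later change to `StorageKeyKind` cannot silently alter which storage key the audit target uses. The test function bodies extend beyond these hunks, so this may already be covered there.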
@@ -1065,7 +1065,7 @@ function Test-RemoveAuditOnDatabase
 Assert-AreEqual 0 $policy.AuditAction.Length
 Assert-Null $policy.PredicateExpression
 Assert-Null $policy.StorageAccountResourceId
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify event hub auditing policy is disabled.
@@ -1162,7 +1162,7 @@ function Test-RemoveAuditOnDatabase
 Assert-AreEqual 0 $policy.AuditAction.Length
 Assert-AreEqual "" $policy.PredicateExpression
 Assert-Null $policy.StorageAccountResourceId
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify event hub auditing policy is disabled.
@@ -1309,7 +1309,7 @@ function Test-AuditOnServer
 Assert-AreEqual 0 $policy.AuditActionGroup.Length
 Assert-Null $policy.StorageAccountResourceId
 Assert-AreEqual "" $policy.PredicateExpression
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify event hub auditing policy is disabled.
@@ -1402,7 +1402,7 @@ function Test-AuditOnServer
 Assert-True {$policy.AuditActionGroup.Contains([Microsoft.Azure.Commands.Sql.Auditing.Model.AuditActionGroups]::FAILED_DATABASE_AUTHENTICATION_GROUP)}
 Assert-AreEqual "" $policy.PredicateExpression
 Assert-Null $policy.StorageAccountResourceId
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify event hub auditing policy is enabled.
@@ -1430,7 +1430,7 @@ function Test-AuditOnServer
 # Verify storage auditing policy is disabled.
 Assert-AreEqual "Disabled" $policy.BlobStorageTargetState
 Assert-Null $policy.StorageAccountResourceId
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify event hub auditing policy is enabled.
@@ -1455,7 +1455,7 @@ function Test-AuditOnServer
 # Verify storage auditing policy is disabled.
 Assert-AreEqual "Disabled" $policy.BlobStorageTargetState
 Assert-Null $policy.StorageAccountResourceId
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify log analytics auditing policy is disabled.
@@ -1499,7 +1499,7 @@ function Test-RemoveAuditOnServer
 Assert-AreEqual 0 $policy.AuditActionGroup.Length
 Assert-Null $policy.StorageAccountResourceId
 Assert-AreEqual "" $policy.PredicateExpression
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify event hub auditing policy is disabled.
@@ -1592,7 +1592,7 @@ function Test-RemoveAuditOnServer
 Assert-True {$policy.AuditActionGroup.Contains([Microsoft.Azure.Commands.Sql.Auditing.Model.AuditActionGroups]::FAILED_DATABASE_AUTHENTICATION_GROUP)}
 Assert-AreEqual "" $policy.PredicateExpression
 Assert-Null $policy.StorageAccountResourceId
- Assert-AreEqual "Primary" $policy.StorageKeyType
+ Assert-AreEqual "None" $policy.StorageKeyType
 Assert-Null $policy.RetentionInDays
 # Verify event hub auditing policy is disabled.
diff --git a/src/Sql/Sql/Auditing/Model/ServerAuditModel.cs b/src/Sql/Sql/Auditing/Model/ServerAuditModel.cs
index e4e9651cc302..2319f47b30f6 100644
--- a/src/Sql/Sql/Auditing/Model/ServerAuditModel.cs
+++ b/src/Sql/Sql/Auditing/Model/ServerAuditModel.cs
@@ -45,7 +45,7 @@ public enum AuditActionGroups
 USER_CHANGE_PASSWORD_GROUP
 }
- public enum StorageKeyKind { Primary, Secondary };
+ public enum StorageKeyKind { None, Primary, Secondary };
 public class ServerAuditModel
 {
diff --git a/src/Sql/Sql/Auditing/Services/SqlAuditAdapter.cs b/src/Sql/Sql/Auditing/Services/SqlAuditAdapter.cs
index a03c830c8b7f..53ec94726911 100644
--- a/src/Sql/Sql/Auditing/Services/SqlAuditAdapter.cs
+++ b/src/Sql/Sql/Auditing/Services/SqlAuditAdapter.cs
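Review bot: Inserting `None` as the first member of `StorageKeyKind` in ServerAuditModel.cs shifts the numeric values of `Primary` (0 to 1) and `Secondary` (1 to 2) and makes `None` the value of any unset `StorageKeyType`. That is presumably the intent, but any caller outside this diff that casts the enum to or from an integer, persists it, or relied on an uninitialised value meaning the primary key will now behave differently, so this is worth confirming. Writing the values out makes the choice deliberate: `public enum StorageKeyKind { None = 0, Primary = 1, Secondary = 2 }`. A comment such as `// None: no storage access key is in use (e.g. storage account behind a VNet)` would document the new member, if that matches the intended meaning.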
@@ -440,7 +440,8 @@ private void PolicizeStorageInfo(ServerAuditModel model, dynamic policy)
 else
 {
 policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary;
- policy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(model.StorageAccountResourceId).GetAwaiter().GetResult()[model.StorageKeyType];
+ policy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(
+ model.StorageAccountResourceId).GetAwaiter().GetResult()[model.StorageKeyType == StorageKeyKind.Secondary ? StorageKeyKind.Secondary : StorageKeyKind.Primary];
 }
 if (model.RetentionInDays != null)
diff --git a/src/Sql/Sql/ChangeLog.md b/src/Sql/Sql/ChangeLog.md
index 789f4f9e58db..3c218fa5c16d 100644
--- a/src/Sql/Sql/ChangeLog.md
+++ b/src/Sql/Sql/ChangeLog.md
@@ -20,6 +20,7 @@
 ## Upcoming Release
 * Added cmdlets `Get-AzSqlInstanceOperation` and `Stop-AzSqlInstanceOperation`
 * Supported auditing to a storage account in VNet.
+* Assign 'None' value as StorageKeyKind when a storage account under VNet is a target for the audit records.
 ## Version 2.5.0
 * Added readable secondary parameter to `Invoke-AzSqlDatabaseFailover`
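Review bot: The new indexer expression in PolicizeStorageInfo silently maps `StorageKeyKind.None` to the primary key, and it repeats the comparison already made on the line above for `IsStorageSecondaryKeyInUse`. If this `else` branch can be reached with `None` (the condition of the matching `if` is outside the hunk), the adapter retrieves and sends the primary storage access key for a model that says no key is in use, so the fallback should be stated in a comment or `None` handled explicitly. Computing the kind once keeps the flag and the key in step: `var keyKind = model.StorageKeyType == StorageKeyKind.Secondary ? StorageKeyKind.Secondary : StorageKeyKind.Primary;`, then `policy.IsStorageSecondaryKeyInUse = keyKind == StorageKeyKind.Secondary;` and index the retrieved keys with `[keyKind]`. PolicizeStorageInfo starts and ends outside the hunk.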