I had a similar thing with MaaS once
I have my doubts about juju update-credentials.
Any possibility you put a resource lock on the resource group?
I believe my issue happened because I locked the machine in MaaS.
Check out this post
@anastasia-macmood helped me out and I wrote up what fixed my problem, maybe it could you?. 