Set Key Vault Reference to Azure Function

Problem Statement:

We should not store sensitive values such as client IDs/secrets, connection strings, references, credentials, etc. directly in Azure Function configuration or code. Instead, we can use Key Vault to store the values the Azure Function needs. Azure Key Vault is a cloud-based service provided by Microsoft Azure that allows users to securely store and manage cryptographic keys, secrets, and certificates. The steps below show how to use Key Vault with an Azure Function:

Steps:

Create Secret in Key Vault:

  • Navigate to portal.azure.com -> Key Vault -> Secrets. Click on Generate/Import.
  • Fill in the Name and Secret value. We can also set an activation and expiry date for the secret. Once done, press Create.
  • Copy the Secret Identifier generated after the secret is created.

Identity for Azure Function

  • Navigate to Azure Function -> Identity and set the System assigned identity status to On. This gives the Azure Function App an identity that can be granted access to Key Vault.

Access Policy for Secret

To use the secret in the Azure Function, we need to create an access policy for the Azure Function in Key Vault. To create the access policy:

  • Navigate to Key Vault -> Access Policies. Click on +Create.
  • Select the permissions needed for the Azure Function. We can also use an existing template. Since I need only secrets, I have given Get and List secret permissions.
  • Select the Function App in the Principal tab.
  • Review and create the access policy.

Using Key Vault reference:

In Local Code:

  • Open the local.settings.json file of the Function App. Create a new value for the secret.
  • Reference the Key Vault value using the following syntax.

In Portal:

  • Navigate to Azure Function -> Configuration. Edit the CrmConnectionString configuration.
  • Set the Secret Identifier inside the configuration variable using the following syntax:
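
A Key Vault reference wraps the Secret Identifier as `@Microsoft.KeyVault(SecretUri=<Secret Identifier>)`. The Python check below is an added example, not code from the original post: it builds that value from a Secret Identifier and audits a settings dictionary for malformed references, because an unresolved reference reaches the function as the literal reference string instead of the secret. The vault name `contoso-kv`, the secret version and the `BrokenRef` setting are constructed, and only Azure public cloud vault hosts are assumed.

```python
import re
from urllib.parse import urlsplit

# Assumption: Azure public cloud vault hosts only (<vault>.vault.azure.net).
_HOST = re.compile(r"[a-z0-9-]{3,24}\.vault\.azure\.net")
_PATH = re.compile(r"/secrets/[0-9A-Za-z-]{1,127}(/[0-9A-Za-z]+)?")
_REF = re.compile(r"@Microsoft\.KeyVault\(SecretUri=([^)]+)\)")


def is_secret_identifier(uri):
    """True if uri has the shape of a Key Vault Secret Identifier."""
    p = urlsplit(uri)
    return bool(p.scheme == "https"
                and _HOST.fullmatch(p.netloc.lower())  # rejects port/userinfo
                and _PATH.fullmatch(p.path)
                and not p.query and not p.fragment)


def to_reference(secret_identifier):
    """Wrap a Secret Identifier in the app-setting reference syntax."""
    if not is_secret_identifier(secret_identifier):
        raise ValueError(f"not a Key Vault secret URI: {secret_identifier!r}")
    return f"@Microsoft.KeyVault(SecretUri={secret_identifier})"


def audit(values):
    """Classify settings as 'reference', 'malformed-reference' or 'literal'."""
    report = {}
    for name, value in values.items():
        if not value.startswith("@Microsoft.KeyVault("):
            report[name] = "literal"
            continue
        m = _REF.fullmatch(value)
        ok = m is not None and is_secret_identifier(m.group(1))
        report[name] = "reference" if ok else "malformed-reference"
    return report


# Constructed sample shaped like the "Values" object in local.settings.json.
SECRET_ID = ("https://contoso-kv.vault.azure.net/secrets/"
             "CrmConnectionString/0123456789abcdef0123456789abcdef")
SAMPLE = {
    "FUNCTIONS_WORKER_RUNTIME": "dotnet",
    "CrmConnectionString": to_reference(SECRET_ID),
    "BrokenRef": "@Microsoft.KeyVault(SecretUri=http://contoso-kv.vault.azure.net/secrets/x)",
}

if __name__ == "__main__":
    for setting, status in audit(SAMPLE).items():
        print(f"{setting}: {status}")
```

Settings reported as `literal` are not necessarily wrong, but any that hold a credential are candidates for moving into Key Vault.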

Conclusion:

Thus, using Key Vault, we can store sensitive information securely and use it in the Azure Function app.
