I have been tasked to move the connection from an Azure function to Key Vault instead of storing it as a Function AppSetting. The syntax of the Azure function is as follows:
AuthType=ClientSecret;ClientId=<clientId>;ClientSecret=<ClientSecret>;Url=<Url>
I’ve created the Key Vault, key and secret, but where do I add the above connection in Key Vault?
Also, am I correct that once I add the above connection to my key, I can go back to my Azure Function, go to the Configuration blade and replace the AppSetting value with the URL to my Key Vault Secret URI?
Thanks
2 Answers
I was confusing the concepts of "key" and "secret". Once I understood what each does, I was able to create my secret and then update my App Setting.
There are a few approaches to achieving this, especially given you can make use of the managed identity framework, but if you want to use it as an appsetting, you need to use a specific syntax to do so.
This documentation explains how to use the reference syntax …
https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#reference-syntax
As per the documentation …
Complete Reference
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)
Alternatively
@Microsoft.KeyVault(VaultName=myvault;SecretName=mysecret)
Be sure to grant the function app access to the KeyVault secret. Help on configuring this can be found here …
https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#granting-your-app-access-to-key-vault
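Added example, not part of either answer or of Microsoft's documentation: a small Python audit that parses both reference forms quoted above and flags app settings that still hold a credential inline. The setting names, the SECRET_KEYS list and the restriction to the public-cloud vault.azure.net suffix are assumptions made for the illustration.

```python
from urllib.parse import urlparse

# Assumption: public-cloud vault DNS suffix; sovereign clouds use different ones.
VAULT_SUFFIX = ".vault.azure.net"
PREFIX = "@Microsoft.KeyVault("
# Constructed list of keys that suggest a credential stored inline in a setting.
SECRET_KEYS = ("clientsecret=", "password=", "accountkey=", "sharedaccesskey=")
# Constructed sample settings; the setting names are hypothetical.
SAMPLE = {
    "CrmConnection": "AuthType=ClientSecret;ClientId=<clientId>;ClientSecret=<ClientSecret>;Url=<Url>",
    "CrmConnectionRef": "@Microsoft.KeyVault(VaultName=myvault;SecretName=mysecret)",
}

def parse_reference(value):
    """Return vault/secret/version for a Key Vault reference, None if not one."""
    value = value.strip()
    if not value.startswith(PREFIX):
        return None
    if not value.endswith(")"):
        raise ValueError("unterminated Key Vault reference")
    body = value[len(PREFIX):-1]
    if body.startswith("SecretUri="):
        uri = urlparse(body[len("SecretUri="):])
        host = uri.hostname or ""
        parts = [p for p in uri.path.split("/") if p]
        if uri.scheme != "https" or not host.endswith(VAULT_SUFFIX):
            raise ValueError("SecretUri must be an https Key Vault URL")
        if len(parts) not in (2, 3) or parts[0] != "secrets":
            raise ValueError("path must be /secrets/<name>[/<version>]")
        return {"vault": host[:-len(VAULT_SUFFIX)], "secret": parts[1],
                "version": parts[2] if len(parts) == 3 else None}
    fields = dict(kv.split("=", 1) for kv in body.split(";") if "=" in kv)
    if not fields.get("VaultName") or not fields.get("SecretName"):
        raise ValueError("expected VaultName=...;SecretName=...")
    return {"vault": fields["VaultName"], "secret": fields["SecretName"],
            "version": fields.get("SecretVersion")}

def audit_settings(settings):
    """Label each setting keyvault-ref, malformed-ref, inline-secret or plain."""
    report = {}
    for name, value in settings.items():
        try:
            label = "keyvault-ref" if parse_reference(value) else None
        except ValueError:
            label = "malformed-ref"
        if label is None:
            inline = any(k in value.lower() for k in SECRET_KEYS)
            label = "inline-secret" if inline else "plain"
        report[name] = label
    return report
```

Running audit_settings over an exported copy of the function app's settings shows which values have been moved to Key Vault and which still carry a ClientSecret in the setting itself.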