Accessing Azure Key Vault Secrets from an Azure Function

Securing confidential configuration is vital when implementing a cloud solution, and the Azure Key Vault service helps secure the critical configuration values used in the implementation. Key Vault secrets are easy to consume from any compute service that is part of the implementation. In this article I walk through how to get a Key Vault secret value from an Azure Function app using .NET.

[Image: code to read secret value (C#)]

In the example above, I hard-coded the URL in the code. For a production release, you can hold the URL in the Azure Function's application configuration and read it from there.

Enable system-assigned managed identity in the Azure Function

By default, the system-assigned managed identity status is Off, meaning the Function app is not registered in Azure Active Directory. Change the status to On; this registers the Azure Function app in Azure Active Directory. Don't forget to save the changes.

Access setup in Azure Key Vault

  1. Navigate to Access policies in the left panel of the Key Vault.
  2. Click the “+Add Access Policy” link. This gives the option to choose the principal that was created in the previous step in the Azure Function.
  3. Choose Get, List for the Secret permissions and click Add.

Azure Key Vault will now allow the Function app to access the secret. If the access policy is not configured, the call fails with a runtime error and access to the secret is denied.

