Securing your confidential configuration is vital when implementing a cloud solution. The Key Vault service helps secure the critical configuration values that are used as part of the implementation. Key Vault secrets are easy to consume from any compute service that you use as part of the implementation. In this article, I am going to walk through how to get a Key Vault secret value from an Azure Function app using .NET.
Code to read secret value [C#]
In the above example, I hard-coded the URL in the code. For a production release, you can hold the URL in the Azure Function's application configuration and read it from there.
Enable system assigned managed identity in Azure Function
By default, the system-assigned managed identity status is Off, meaning the function app is not registered in Azure Active Directory. Change the status to On; this registers the Azure Function app in Azure Active Directory. Don't forget to save the changes.
Access setup in Azure Key Vault
1. Navigate to Access policies in the left panel of the Key Vault.
2. Click the “+Add Access Policy” link. This gives the option to choose the principal that was created in the previous step in the Azure Function.
3. Choose Get, List for the Secret permissions and click Add.
Now Azure Key Vault will allow the Function app to access the secret. If the access policy is not configured, a runtime error will block access to the secret.
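
The following is an added example, not the author's original listing: an in-process HTTP-triggered function that reads a secret through the managed identity, takes the vault URL from an application setting as recommended above, and handles the runtime error raised when the access policy is missing. The setting name `KEY_VAULT_URL`, the secret name `MySecretName`, and the function and class names are assumptions; it uses the `Azure.Identity` and `Azure.Security.KeyVault.Secrets` packages.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;

public static class ReadSecretFunction
{
    // Assumed app setting holding the vault URI, e.g. https://<your-vault>.vault.azure.net/
    private const string VaultUrlSetting = "KEY_VAULT_URL";
    // Placeholder secret name; replace with a secret that exists in your vault.
    private const string SecretName = "MySecretName";
    // One client per host instance; the credential caches tokens between invocations.
    private static readonly Lazy<SecretClient> Client = new Lazy<SecretClient>(() =>
    {
        var url = Environment.GetEnvironmentVariable(VaultUrlSetting)
            ?? throw new InvalidOperationException($"App setting {VaultUrlSetting} is not set.");
        return new SecretClient(new Uri(url), new DefaultAzureCredential());
    });

    [FunctionName("ReadSecret")]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Function, "get")] HttpRequest req, ILogger log)
    {
        try
        {
            // Reading by name needs only Get. Use secret.Value here; never log or return it.
            KeyVaultSecret secret = await Client.Value.GetSecretAsync(SecretName);
            log.LogInformation("Read secret {Name}, version {Version}", secret.Name, secret.Properties.Version);
            return new OkObjectResult("Secret retrieved.");
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // The identity authenticated, but no access policy grants it Get on secrets.
            log.LogError("Key Vault denied access ({Code}). Check the access policy.", ex.ErrorCode);
            return new StatusCodeResult(StatusCodes.Status500InternalServerError);
        }
        catch (CredentialUnavailableException)
        {
            // No usable credential: the system-assigned identity is probably still Off.
            log.LogError("No managed identity available. Enable the system-assigned identity.");
            return new StatusCodeResult(StatusCodes.Status500InternalServerError);
        }
    }
}
```

Locally, `DefaultAzureCredential` falls back to developer credentials (for example an Azure CLI login), so that account also needs an access policy on the vault.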