A binding for Azure Functions to make working with Azure KeyVault easier.
1. Create a new Azure Function instance in Azure
2. Create a new KeyVault instance in Azure
3. Ensure the Azure Function has 'Managed Service Identity' turned on
4. Add the Azure Function (by resource name) to the Key Vault's Access Policy list with 'Secret | Get' permissions. Fill out only the 'Select Principal' part, not the 'Authorized application' part of the form.
You can get more detail on setting this up by reading this blog post from Functions PM, Jeff Hollan.
Use the KeyVault binding in your Azure Function by:

1. Adding the NuGet package to your project

```
Install-Package BC3Technologies.Azure.Functions.Extensions.KeyVault -IncludePrerelease
```

2. Then referencing it in your Function definition

```csharp
public static IActionResult Run(
    [HttpTrigger(AuthorizationLevel.Function, "get", Route = null)]HttpRequest req,
    [KeyVaultSecret(@"MyKv", @"MySecretId")]string secretValue,
    ILogger log)
```
where `MyKv` and `MySecretId` are defined in your app settings like:

```json
"MyKv": "kv23958612",
"MySecretId": "fooSecret"
```

This results in the `secretValue` parameter being populated with the value from the `MyKv` Key Vault for the secret `MySecretId`.
Use `[KeyVaultSecret(@"MyKv", @"MySecretId")]out string myNewKeyValue` to set the value of `fooSecret` in KeyVault.

```csharp
[KeyVaultKey("kvresourcesetting","keynamesetting")]JsonWebKey myKey
```
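The input and `out` forms of the `KeyVaultSecret` binding shown above, used together so that the secret value is never logged or returned to the caller. This is an added example, not code from this project: the class and function names are hypothetical, and the `using` for the attribute assumes its namespace matches the NuGet package name. Writing through the `out` binding also needs the 'Set' secret permission on the vault's access policy, in addition to the 'Get' permission from the setup steps.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;
// Assumption: the attribute's namespace matches the NuGet package name.
using BC3Technologies.Azure.Functions.Extensions.KeyVault;

public static class FooSecretFunctions // hypothetical class and function names
{
    // Write side: the out binding stores a fresh random value as the secret.
    [FunctionName("RotateFooSecret")]
    public static IActionResult Rotate(
        [HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
        [KeyVaultSecret(@"MyKv", @"MySecretId")] out string myNewKeyValue,
        ILogger log)
    {
        byte[] material = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(material); // OS CSPRNG, not System.Random
        }
        myNewKeyValue = Convert.ToBase64String(material);
        log.LogInformation("Rotated the secret named by app setting MySecretId");
        return new NoContentResult(); // the new value is never returned
    }

    // Read side: the secret keys an HMAC over the request body; only the tag leaves.
    [FunctionName("SignWithFooSecret")]
    public static async Task<IActionResult> Sign(
        [HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
        [KeyVaultSecret(@"MyKv", @"MySecretId")] string secretValue,
        ILogger log)
    {
        using (var body = new MemoryStream())
        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretValue)))
        {
            await req.Body.CopyToAsync(body);
            byte[] tag = hmac.ComputeHash(body.ToArray());
            log.LogInformation("Signed {Length} bytes", body.Length); // size only
            return new OkObjectResult(Convert.ToBase64String(tag));
        }
    }
}
```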